Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.
Honeyd allows a single host to claim multiple addresses on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
Here are some key features of "Honeyd":
· Simulates thousands of virtual hosts at the same time.
Configuration of arbitrary services via simple configuration file:
· Includes proxy connects.
· Passive fingerprinting to identify remote hosts.
· Random sampling for load scaling.
Simulates operating systems at TCP/IP stack level:
· Fools nmap and xprobe,
· Adjustable fragment reassembly policy,
· Adjustable FIN-scan policy.
Simulation of arbitrary routing topologies:
· Configurable latency and packet loss.
· Assymetric routing.
· Integration of physical machines into topology.
· Distributed Honeyd via GRE tunneling.
Subsystem virtualization:
· Run real UNIX applications under virtual Honeyd IP addresses: web servers, ftp servers, etc...
· Dynamic port binding in virtual address space, background initiation of network connections, etc.
Requirements:
· libdnet
· libevent
· Libpcap