If you happen to want to run your honeypot on a Windows system, then Honeyport is worth a try.
Honeyports is a PowerShell script that creates a job that listens on the specified TCP ports; when a connection is established, it can either simply log it or add a local firewall rule to block the host from further connections.
The script is written by John Hoyt, Carlos Perez and Greg Foss and it is available on
.\honeyport.ps1 -ports 2222
One of the greatest features of the honeyports PowerShell script is that it logs to the Windows event log; the events are logged under the name of
Now let's try to connect to port 2222 and see what
nc 192.168.8.104 2222
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
108216 Apr 22 14:48 Information BlueKit 1002 192.168.8.105 has probed the HoneyPort on port ...
108215 Apr 22 14:47 Information BlueKit 1001 HoneyPort has started listening for connections...
Now let
.\honeyport.ps1 -ports 4444 -block $true
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
115644 Apr 22 16:36 Information BlueKit 1002 192.168.8.105 has been blocked on port 4444
115643 Apr 22 16:36 Information BlueKit 1002 192.168.8.105 has probed the HoneyPort on port ...
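The events above can be rolled up per remote address to see who probed which ports and whether a block followed. The function below is an added example, not part of the original diary or of the Honeyports script; the name `Get-HoneyPortSummary`, the sample events and the assumption that a "probed" message ends with the port number are mine.

```powershell
# Added example: summarise HoneyPort probe/block events per remote IP.
function Get-HoneyPortSummary {
    param([Parameter(Mandatory, ValueFromPipeline)][object]$InputObject)
    begin {
        $seen = @{}
        # Message shapes as in the event listings above; the trailing port
        # number on "probed" events is assumed (the listing truncates it).
        $pattern = '^(?<ip>\d{1,3}(?:\.\d{1,3}){3}) has ' +
                   '(?<action>probed the HoneyPort|been blocked) on port (?<port>\d+)'
    }
    process {
        # 1001 is the "started listening" event; only 1002 carries a remote IP.
        if ($InputObject.Source -ne 'BlueKit' -or $InputObject.InstanceId -ne 1002) { return }
        if (-not ($InputObject.Message -match $pattern)) { return }
        $ip = $Matches['ip']
        if (-not $seen.ContainsKey($ip)) {
            $seen[$ip] = [pscustomobject]@{
                RemoteIP  = $ip
                Probes    = 0
                Blocked   = $false
                Ports     = [System.Collections.Generic.SortedSet[int]]::new()
                FirstSeen = $InputObject.TimeGenerated
                LastSeen  = $InputObject.TimeGenerated
            }
        }
        $entry = $seen[$ip]
        [void]$entry.Ports.Add([int]$Matches['port'])
        if ($Matches['action'] -eq 'been blocked') { $entry.Blocked = $true } else { $entry.Probes++ }
        if ($InputObject.TimeGenerated -lt $entry.FirstSeen) { $entry.FirstSeen = $InputObject.TimeGenerated }
        if ($InputObject.TimeGenerated -gt $entry.LastSeen)  { $entry.LastSeen  = $InputObject.TimeGenerated }
    }
    end { $seen.Values | Sort-Object Probes -Descending }
}

# Constructed sample events (the year, the full message text and 192.0.2.10 are made up).
$sample = @(
    [pscustomobject]@{ Source = 'BlueKit'; InstanceId = 1001; TimeGenerated = [datetime]'2000-04-22 14:47'; Message = 'HoneyPort has started listening for connections' }
    [pscustomobject]@{ Source = 'BlueKit'; InstanceId = 1002; TimeGenerated = [datetime]'2000-04-22 14:48'; Message = '192.168.8.105 has probed the HoneyPort on port 2222' }
    [pscustomobject]@{ Source = 'BlueKit'; InstanceId = 1002; TimeGenerated = [datetime]'2000-04-22 16:36'; Message = '192.168.8.105 has probed the HoneyPort on port 4444' }
    [pscustomobject]@{ Source = 'BlueKit'; InstanceId = 1002; TimeGenerated = [datetime]'2000-04-22 16:36'; Message = '192.168.8.105 has been blocked on port 4444' }
    [pscustomobject]@{ Source = 'BlueKit'; InstanceId = 1002; TimeGenerated = [datetime]'2000-04-22 17:02'; Message = '192.0.2.10 has probed the HoneyPort on port 2222' }
)
$sample | Get-HoneyPortSummary | Format-Table RemoteIP, Probes, Blocked, Ports, FirstSeen, LastSeen -AutoSize

# Live use in Windows PowerShell (the log name is a placeholder, not taken from the page):
#   Get-EventLog -LogName '<log name>' -Source BlueKit | Get-HoneyPortSummary
```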
$rule.Protocol = 6
$rule.Protocol = all
stop-job -name HoneyPort
remove-job -name HoneyPort
And don
Remove-NetFirewallRule -DisplayName "Block scanner"
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.