In this series of articles I will show you how to
set up your own honeypot on an Amazon EC2 instance. I have experimented with and read
a lot about how malware works, but nothing beats seeing it in action and
trapping malware that's in the wild.
The first thing you have to do is get an AWS
account. Simply go to http://aws.amazon.com
and sign up. Unfortunately you have to
enter a credit card, but they offer a free tier, so go ahead and put it in and
make sure you select free tier options. In this article I will be using nothing
but free tier services, so you can set up a honeypot in the cloud that runs 24/7
for free!
OK, I will show you how to set up your instance. First you
will need a few things, starting with the AWS account. You can modify my
process for use in a virtual machine or a main rig, but I recommend AWS.
Go ahead and get PuTTY, the URL is:
OK, let's set up your instance; it's very simple. First you want
to select your region, because malware is different and more rampant in
different regions. You can select this in the upper right corner of the AWS site. The selections are:
- US East (North Virginia)
- US West (Oregon)
- EU (Ireland)
- EU (Frankfurt)
- Asia Pacific (Singapore)
- Asia Pacific (Tokyo)
- Asia Pacific (Sydney)
- South America (Sao Paulo)
OK, now that you have picked your location, let's set up your
instance. Choose the EC2 tab in AWS, and choose Launch Instance. Click on the
Community AMIs tab. Search for Ubuntu ubuntu-trusty-14.04-amd64-server-20150325
(ami-d05e75b8). If this distro is not available in your region, just search for Ubuntu
14.04 with a root store of “EBS”.
We want the most up-to-date distro we can find. We are going to
be messing with hackers, and you never know who might be pissed that you got hold
of their malware. (Fair warning)
Make sure you set the instance type to micro; it will
have Free Tier Eligible under it.
Continue until you reach the prompt to create a key pair, and
choose a name for your instance, for example honeypot; no one will see this but
you. Now download that key and save it for later in this tutorial. This is
the only way to connect to your instance, so don’t lose it!
Now create the security group. Make sure you create a new one
and choose all traffic, and source 0.0.0.0. This will open you up to the world,
but that is what we want, right? OK, push Continue and then Launch. Give your
new instance time to start up, and there we go!
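
Because this group lets the whole internet reach the instance, it is worth checking that it stays attached to the honeypot only. The following is an added example, not part of the original article: it reads JSON in the shape returned by `aws ec2 describe-security-groups` (where "anywhere" appears as 0.0.0.0/0) and reports any other instance behind a world-open group. The group ids, instance names and the instance-to-group map are constructed sample data, and only IPv4 rules are checked.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids and names are placeholders, not values from the article.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-honeypot-example", "GroupName": "honeypot",
   "IpPermissions": [{"IpProtocol": "-1",
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-web-example", "GroupName": "web",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-admin-example", "GroupName": "admin",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

# Constructed map of instance name -> attached security group ids.
SAMPLE_INSTANCES = {
    "honeypot": ["sg-honeypot-example"],
    "blog": ["sg-web-example"],
    "build-box": ["sg-admin-example", "sg-honeypot-example"],
}

def is_world_open(rule):
    """True for all traffic, or the full TCP/UDP port range, from any IPv4 address."""
    if not any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
        return False
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return rule.get("FromPort") == 0 and rule.get("ToPort") == 65535

def world_open_groups(groups):
    """Sorted ids of groups with at least one world-open inbound rule."""
    return sorted(g["GroupId"] for g in groups["SecurityGroups"]
                  if any(is_world_open(p) for p in g.get("IpPermissions", [])))

def exposed_instances(groups, instances, allowed=("honeypot",)):
    """Instances other than the honeypot that sit behind a world-open group."""
    open_ids = set(world_open_groups(groups))
    return {name: sorted(open_ids & set(sgs))
            for name, sgs in instances.items()
            if name not in allowed and open_ids & set(sgs)}

if __name__ == "__main__":
    print("World-open groups:", world_open_groups(SAMPLE_GROUPS))
    print("Exposed instances:", exposed_instances(SAMPLE_GROUPS, SAMPLE_INSTANCES))
```
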
In the next installment I will show how to log in to your
new instance and set up Kippo!