labrea

labrea is a program that creates a "sticky honeypot" by taking over unused IP addresses on a network and creating virtual machines that answer to connection attempts. labrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.

Tags: Security
Licenses: GPL
Operating Systems: OS Independent
Implementation: C

Recent releases

Changes: This release has autoconf / automake support, libdnet support, dynamic firewall ports, speed improvements, more secure command line parsing, CIDR style input parameters, better error messages, changes in virtual machine behaviour, improved ARP support, improved Windows support including remote syslog and Event file logging, and a new debug facility.

Changes: Version 2.5 incorporates autoconf/automake support. The program now uses libdnet. In firewalling mode, ports are added dynamically based on activity. This slows down nmap scans but enables labrea to trap new malware. An optional ARP sweep can be performed on the local subnet to detect occupied IP addresses. labrea now looks at general ARP replies to better track who has what. The program now accepts long options (e.g. --my-option). Remote syslog now works for Windows.

Changes: The Win32 version now has the full functionality of the Unix versions. The separate configuration files have been combined into a single file. labrea can now be configured to ignore (and not tarpit) connection attempts from specific IP addresses/specific ports. labrea can now use DNS to automatically exclude any local IPs that resolve. There is better functionality under switched environments, and also better BSD support. Bandwidth tracking while persist capturing has been improved.
