honeypot - The NAT32 HoneypotDESCRIPTION
The NAT32 Honeypot consists of two threads that run on startup: one thread that listens at the standard HTTP port (80) and (optionally) another that listens at the standard HTTPS port (443).NOTESThe honeypot threads listen at ports visible only to NAT32's own TCP/IP stack at the (default) address 126.96.36.199, thus ensuring that conflicts with Windows servers using those ports cannot occur.
The following types (and associated files or headers) are presently implemented:
404 Not Found
Web clients do DNS lookups when requesting Internet content, and it is the NAT32 DNS Resolver Daemon that intercepts those lookups and reports the honeypot address rather than the real address for undesirable sites.
This mechanism ensures that no communication with such sites ever takes place, resulting in greatly reduced traffic volumes, greatly enhanced privacy and protection from malicious content.
The DNS Resolver determines the desirability of a site by consulting black-lists, grey-lists and white-lists. Further details can be found here.
HTTPS requests to the honeypot are always blocked and the target server name is printed in the Monitor window. Prudent users will block HTTPS requests to all sites not listed in the white-list to prevent information leakage and privacy infringements. This is done by adding the wild-card entry * to the grey-list and the permitted names to the white-list.
The honeypot can also redirect requests to black-listed sites to the same URL but with an IP address substituted for the host name. This feature is called Redirect to IP and can be carried out for a name appearing in the variable 'exception' or if the URL contains the string 'redirect'.
ExamplesInterestingly, if Google sites are accessed via URLs containing an IP address instead of a name, no redirection to HTTPS occurs.set exception google # Redirect all URLS containing 'google' to an IP URL http://www.google.com/redirect # Redirect to an IP URL http://honeypot.box/exception # View the current exception http://honeypot.box/exception= # Clear the exception http://honeypot.box/exception=google # Temporarily allow Google access
dnsmap, dnsrd, dstat, setns, setnsi setnss setnsx setwns