Chapter 3: Windows Honeypot Modeling

		Chapter 3 - Windows Honeypot Modeling Honeypots for Windows by Roger A. Grimes Apress 2005

Overview

When a hacker probes your honeypot, it is crucial that it appears to be a legitimate Windows host. This is fairly easy to set up if you use a real honeypot running real Windows software, but not as straightforward if you’re running an emulated honeypot. Because the world of honeypots is so Unix-centric, you won’t find much information (beyond this book) about how to configure an emulated honeypot so it looks like the real McCoy.

When deploying a real honeypot using a Windows OS, you can simply deploy the software and services to mimic real production computers. However, there is significantly more to it than meets the eye, as you will learn in Chapter 4. The task becomes inherently harder when using an emulated honeypot, as we will do with Honeyd in Chapters 5 through 7.

This chapter is about emulating the right ports and applications for your Windows honeypot scenario. It provides an overview of the common Windows network services and TCP/IP ports that you can choose to run and emulate. Some services and applications, like NetBIOS and Exchange Server, will be covered in detail.