Honeypots are traps that attract invaders on the network and reveal information about their approaches. A server that is part of the normal departmental network is always an attractive target. A honeypot pretends to be a real server, responding to queries and commands from the intruder and tracking the intruder's actions, alerting network authorities that an attack is taking place. This article describes some options for implementing a honeypot on a tiny $35 Raspberry Pi computer.

The easiest form of a honeypot is the low-interaction honeypot – a comparatively simple piece of software that offers a tasty target for attackers. High-interaction honeypots are more complex because they simulate one or more complete computer systems; a pure honeypot presents a modified version of a normal production server that is additionally equipped with forensic tools. Thanks to falling hardware costs, you can easily equip even smaller networks with honeypots, especially if you have access to cheap hardware like a Raspberry Pi.

Installing the Software

Attackers follow the "low-hanging fruit" principle: After analyzing the network, they usually settle on the target that looks most vulnerable. Glastopf [1] is a server written in Python that has a number of simulated vulnerabilities. According to the project website, Glastopf "… emulates thousands of vulnerabilities to gather data from attacks targeting web applications." A computer equipped with Glastopf magically attracts attackers. The comparatively frugal hardware requirements – Glastopf can do without virtualization and complex services – make the system ideally suited for single-board computers.

[...]