KFSensor is windows based
Honeypot IDS (Intrusion Detection System), which acts as a honeypot to attract
and detect hackers or other unauthorized users and Trojans by creating a
virtual vulnerable system and services. By acting as a lure server or system it
can divert all attacks and unauthorized visiting from a crucial and critical system.
KFSensor is designed to use in windows based corporate level company and
provides a cost effective way to improve network level security.
Let’s see how it works and protects.
You can download KFSensor from their official website or
follow this link http://goo.gl/YrFmkb
So here I installed KFSensor on my system when you open
KFSensor for the first time on you system you have to configure so, let’s do
it.
Now here you have to select your native services to monitor. Well, these services are running by default by the system
If you want notification related to attacks directly in your
email account then give you email details here in this section to receive
KFSensor email alerts.
Now finally click on finish to start monitoring your
network.
This is the main interface of KFSensor where you can see
each and every visit with deep details. You can view visitors by ports as well
as by IP address.
So now if an intruder tries to scan or
attack your system KFSensor will show them a simulated vulnerable machine and
records their IP address, protocols, type of attack or scan they are
performing, etc.
For example, here I’m scanning windows IP address running
KFSensor with Nmap from my Linux system. You can see that Nmap results show me
lots of services running on windows system which can be usedt o perform an
attack.
When I was performingNmap scan
KFSensor capture and record my IP address. You can see someone visited port 21 which is used for file transfer
and visitor name is pc2-pc.rajlab.com
