Using Your Modern Honeynet (MHN)

What you'll see when running a server and sensors

In previous posts, I covered creating an MHN Server and deploying MHN Sensors. This post shows you some of MHN's capabilities.

Server Side

On the server, you can observe the following via the web interface.

Map

See a map updated near real-time of attack sources and targets.

MHN-Realtime-Attack-Map image

Deploy

Deploy new sensors as covered in a previous post.

Attacks

View near real-time data on attacks hitting your sensors.

MHN Attacks Report screenshot

Payloads

Download and interact with actual payloads deposited in hacking attempts on your sensors. Use extreme caution with these. They are likely live exploits. You will want to have a segregated environment and experience doing malware analysis.

MHN Payloads screenshot

Rules

You can view rules for applicable sensors like Snort rules here.

MHN Rules Management screenshot

Sensors

View deployed sensors and the number of hits they've received.

MHN Sensors and Hits screenshot

Charts

You can view some interesting statistics from Kippo and Cowrie sensors here including top passwords and usernames observed in attacks and top attackers.

Top captured usernames and passwords:
MHN Most cowrie-kippo most used usernames and passwords screenshot

Kippo/Cowrie top attackers:
MHN Kippo and Cowrie Top Attackers screenshot

On Honeypots

On the individual honeypots, you can look further at the information collected. Some may not be readily visible on the MHN Server.

Consult the project site for the individual honeypot you're interested in exploring deeper for more information.