KFSensor is windows based Honeypot IDS (Intrusion Detection System), which acts as a honeypot to attract and detect hackers or other unauthorized users and Trojans by creating a virtual vulnerable system and services. By acting as a lure server or system it can divert all attacks and unauthorized visiting from a crucial and critical system. KFSensor is designed to use in windows based corporate level company and provides a cost effective way to improve network level security.
Let’s see how it works and protects.
You can download KFSensor from their official website or follow this link http://goo.gl/YrFmkb
So here I installed KFSensor on my system when you open KFSensor for the first time on you system you have to configure so, let’s do it.
Now here you have to select your native services to monitor. Well, these services are running by default by the system
If you want notification related to attacks directly in your email account then give you email details here in this section to receive KFSensor email alerts.
Now finally click on finish to start monitoring your network.
This is the main interface of KFSensor where you can see each and every visit with deep details. You can view visitors by ports as well as by IP address.
So now if an intruder tries to scan or attack your system KFSensor will show them a simulated vulnerable machine and records their IP address, protocols, type of attack or scan they are performing, etc.
For example, here I’m scanning windows IP address running KFSensor with Nmap from my Linux system. You can see that Nmap results show me lots of services running on windows system which can be usedto perform an attack.
When I was performing Nmap scan KFSensor capture and record my IP address. You can see someone visited port 21 which is used for file transfer and visitor name is pc2-pc.rajlab.com