Center for Information Technology Integration   
Honeyd Challenge

Feburary 17th, 2003

Honeyd Challenge

Honeyd is a very flexible tool to create virtual honeypots. To improve its usefulness, the honeypot community is asked to participate in the following challenge:
Improve Honeyd by creating useful feature additions.


 Feature additions and improvements are sought in the following areas:
  • Service Emulations: Submit services with optional simulation of vulnerabilities that can be used with Honeyd: for example, web servers, ftp servers, p2p services, etc.
  • Source code features: Source code to improve the features that Honeyd supports: for example, improved service virtualization, improved topology generation, realistic internal routing simulation, passive fingerprinting, ability of honeypots to create network connections between each other, interactive reconfiguration via management console, further improvements to evade stack detection, etc.
  • Graphical user interface: Create a graphical user interface to configure, manage and query Honeyd.
  • Forensic Analysis: Create tools to analyze or visualize Honeyd log files.
 This is just a list of potential improvements. You may have other and better ideas on how to improve Honeyd.

 Your improvements should be based on Honeyd 0.5. Since the announcement of the challenge some bugs have been patched.


Your submissions need to fulfill the following requirements:
  • Submissions need to be received by March 14th, 2003.
  • All submissions should be sent to with "Honeyd Challenge" in the subject.
  • Your feature additions need to be well documented so that the judges are able to evaluate your work.
  • Your code needs to compile and run on a UNIX-like system. However, this does not preclude code that also runs on other platforms. The judges are using FreeBSD, GNU/Linux and NetBSD.
  • Submit a gzip compressed tar archive as email attachment with the following structure:
    • README - explain the contents of the tar archive, include your name, postal and email addresses.
    • Documentation - use ascii, postscript or pdf as data format.
    • Patches - please use diff against the released version of honeyd.
    • Other files and directories as suitable, please explain in README.
  • Source code features to be integrated into Honeyd need to be covered by a BSD-like license. Service emulations and graphical user interface may be either BSD-like or GPL. BSD license is preferred though.


Submissions will be judged by experienced volunteers. The winners will be selected and announced on March 21th 2003.

The judges include but are not limited to:

  • Mike Clark
  • Job de Haas
  • Niels Provos
  • Rain Forest Puppy
  • Lance Spitzner
We are going to use the following scoring guidelines to determine the winners:
  • 0 - 5 points for documentation. Did you include all necessary documentation? Is the documentation easy to read, follow and understand?
  • 0 - 5 points for code style. Is your code organized and logical? You might want to look at the NetBSD share/misc/style for a guideline.
  • 0 - 10 points for novelty of submission. Are you solving an interesting problem?
  • 0 - 10 points for completeness of submission. Does your submission work correctly?


The ten best submissions are rewarded with Lance Spitzner's new book "Honeypots: Tracking Hackers," signed by Lance Spitzner and Niels Provos. Additional prizes include a free pass to CanSecWest/core03 conference including a free hotel (up to four nights) for the first place, a $200 gift certificate to amazon for the 2nd place, and a $100 gift certificate to amazon for the 3rd place. Winners may trade their prizes. (NB: You may join teams and submit as a team. However, in that case, prizes are awarded to the team and not to each person.)

However, the main goal of this challenge is to have fun, contribute good work to the community and allow you and others to learn about the usefulness of tools like Honeyd.

After the winners have been announced, the top 20 entries will be posted on the Honeyd contributions page.

Good luck, and have fun!



Since the challenge has been announced, the following bugs have been patched:
  • 001-ipfrag.patch - 2003-02-18 - Fixes a crash in the fragment reassembly code. Discovered by George Akimov.
  • 002-proxy.patch - 2003-03-04 - Allows proxy connections again. Discovered by Peter Balland.
Using the patches above is not required to make a submission. However, applying them may help you to run Honeyd more reliably.



Niels Provos
Last modified: Tue Apr 29 00:56:58 EDT 2003
  You can keep me happy while hacking by reducing my Wishlists: Books, Music