Lead Author Type

CIS Masters Student


Dr. Andrew Kalafut,

The prevalence and permeation of technology in business have allowed for new and very creative ways to steal. With data breaches becoming more common (and more publicized), many people are aware of the threats that large companies face. However, the digital threats that an ordinary person faces are not as apparent. While many stories exist of people using technology to threaten or harass others, many people are not aware of the threats that these large-scale data thieves pose to anyone who simply owns an always-on internet connection. This project was conceived as a way to see what threatens the common user. Using Security Onion, ESXi, and an unpatched operating system, a simple network intrusion detection system was created to capture the reconnaissance traffic being sent to a residential IP address.

The use of ESXi allows for fast deployment of new exploitable systems as well as easy packet capture with virtual switches. Security Onion was used due to its ease of use and detailed tutorials. An unpatched, unregistered, and unprotected (no firewall or antivirus) copy of Windows XP was used as the honeypot. All unsolicited packets from unknown IP addresses were then analyzed for country of origin to gain statistics on where attackers are coming from (or rather where they wish to be seen coming from), as well as to identify the most commonly scanned ports.
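
The tally described above can be sketched as follows. This is an added example, not the project's own code: it treats an inbound packet as unsolicited when the honeypot has not previously contacted its source, then counts destination ports and source countries. The addresses, the flow records, and the prefix-to-country table are constructed (documentation ranges and placeholder country codes); a real run would read the capture and query a GeoIP database.

```python
import csv
import io
import ipaddress
from collections import Counter

HONEYPOT = ipaddress.ip_address("192.0.2.10")  # constructed stand-in address

# Constructed prefix-to-country table; a real run would query a GeoIP database.
# XA/XB are user-assigned ISO 3166 codes used here as placeholders.
GEO = {
    ipaddress.ip_network("198.51.100.0/24"): "XA",
    ipaddress.ip_network("203.0.113.0/24"): "XB",
}

# Constructed sample: time, source, destination, protocol, destination port.
SAMPLE = """\
1,198.51.100.7,192.0.2.10,tcp,445
2,198.51.100.7,192.0.2.10,tcp,3389
3,192.0.2.10,203.0.113.80,tcp,80
4,203.0.113.80,192.0.2.10,tcp,1045
5,203.0.113.9,192.0.2.10,tcp,445
6,198.51.100.22,192.0.2.10,udp,1434
7,192.0.2.200,192.0.2.10,tcp,23
"""


def country(addr):
    """Return the country code of the first matching prefix, else '??'."""
    return next((code for net, code in GEO.items() if addr in net), "??")


def analyze(text, honeypot=HONEYPOT):
    """Tally destination ports and source countries of unsolicited inbound packets."""
    contacted = set()            # peers the honeypot itself has talked to
    ports, countries = Counter(), Counter()
    for _, src, dst, proto, dport in csv.reader(io.StringIO(text)):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src == honeypot:
            contacted.add(dst)   # outbound: later replies from dst are solicited
        elif dst == honeypot and src not in contacted:
            ports[(proto, int(dport))] += 1
            countries[country(src)] += 1
    return ports, countries


if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

The reply on line 4 of the sample is excluded because the honeypot opened that conversation itself, and a source outside the table is counted under `??` rather than dropped.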