Difference between revisions of "Honeyd"

Source: Kuutõrvaja

Revision as of 21 December 2013, 20:15

Starting

honeyd -d -f honeyd.conf -l /tmp/logfile

Testing with nmap

nmap -p 135 192.168.134.147
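Added example (not from the original page and not honeyd's own code): a small Python reporter for the log that honeyd writes with -l /tmp/logfile. The record layout it parses (timestamp, proto(number), an S/E/- flag for flow start, flow end or single packet, source address and port, destination address and port, then either a [fingerprint] on new TCP flows or a ": bytes" tail) is assumed from honeyd's log.c; the log lines in the block are constructed to show roughly what the nmap probe of port 135 above leaves behind, plus a few more probes so the scan detection has something to find.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample of honeyd's -l log (record layout assumed from honeyd's log.c):
#   <timestamp> <proto>(<num>) S <src> <sport> <dst> <dport> [<os guess>]   new flow
#   <timestamp> <proto>(<num>) E <src> <sport> <dst> <dport>: <recv> <sent>  flow end
#   <timestamp> <proto>(<num>) - <src> <sport> <dst> <dport>: <len>          single packet
SAMPLE_LOG = """\
2013-12-21-20:15:03.1021 tcp(6) S 192.168.134.10 45120 192.168.134.147 135 [Linux 2.6]
2013-12-21-20:15:03.1022 tcp(6) E 192.168.134.10 45120 192.168.134.147 135: 0 0
2013-12-21-20:15:07.4410 tcp(6) S 192.168.134.10 45121 192.168.134.147 139
2013-12-21-20:15:07.4411 tcp(6) S 192.168.134.10 45122 192.168.134.147 445
2013-12-21-20:15:09.0007 udp(17) - 192.168.134.10 53112 192.168.134.147 53: 41
2013-12-21-20:15:12.8800 icmp(1) - 192.168.134.10 0 192.168.134.147 0: 8(0): 84
this line is not a honeyd record and must be skipped rather than crash the reporter
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<proto>[a-z]+)\((?P<pnum>\d+)\)\s+"
    r"(?P<flag>[SE-])\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+)\s+(?P<dport>\d+)"
    r"(?:\s+\[(?P<os>[^\]]*)\]|:\s*(?P<tail>.*?))?\s*$"
)


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse honeyd log records into dicts; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": d["ts"], "proto": d["proto"], "flag": d["flag"],
            "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
            "os": d["os"], "tail": d["tail"],
        })
    return events


def probe_counts(events) -> Counter:
    """Probes per (honeypot address, proto, port). Only flow starts (S) and
    single packets (-) count; an E record closes a flow already counted."""
    counts = Counter()
    for e in events:
        if e["flag"] in ("S", "-"):
            counts[(e["dst"], e["proto"], e["dport"])] += 1
    return counts


def scanning_sources(events, min_ports: int = 3) -> Dict[str, List[int]]:
    """Sources that opened TCP flows to at least min_ports distinct honeypot
    ports, which is what an nmap -p sweep against the honeypot looks like."""
    ports = defaultdict(set)
    for e in events:
        if e["flag"] == "S" and e["proto"] == "tcp":
            ports[e["src"]].add(e["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for key, n in sorted(probe_counts(evs).items()):
        print(f"{key[0]} {key[1]}/{key[2]}: {n} probe(s)")
    for src, ports in scanning_sources(evs).items():
        print(f"port sweep from {src}: {ports}")
```

Point it at the real file with parse_log(open("/tmp/logfile").read()); since every connection to a honeypot address is suspicious by definition, even a low min_ports threshold produces very few false positives here.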


/usr/local/lib/honeyd/libhoneyd.so
/usr/local/share/honeyd/proxy
/usr/local/bin/honeyd
/usr/local/share/honeyd/smtp
/usr/local/bin/honeydstats


create default
set default personality "Linux 2.2.14"
set default default tcp action block
add default udp port 53 "./scripts/dnstool.py"

Local testing

#sudo ./honeyd -f config.sample 10.0.0.0/8
#sudo route -n add -net 10.0.0.0/8 gw 127.0.0.1

Routing

root@nsllinux07:~# farpd 142.166.115.8/29

http://travisaltman.com/honeypot-honeyd-tutorial-part-2-multiple-honeypots/


create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
create avaya
set avaya personality "Avaya G3 PBX version 8.3"
set avaya default tcp action reset
add avaya tcp port 4445 open
add avaya tcp port 5038 open

create solaris
set solaris personality "Avaya G3 PBX version 8.3"
set solaris default tcp action reset
add solaris tcp port 22 open
add solaris tcp port 2049 open

set windows ethernet "00:00:24:ab:8c:12"
set avaya ethernet "00:00:24:ab:8c:13"
set solaris ethernet "00:00:24:ab:8c:14"
dhcp windows on eth1
dhcp avaya on eth1
dhcp solaris on eth1

honeyd -d -f honeyd.conf

nmap -p 4445,5038,5555 192.168.99.160
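Added example, not from the page and not honeyd's own code: a Python checker for the directive forms used in the honeyd.conf above (create; set personality, ethernet and default ... action; add ... port with open/block/reset, a script or proxy; bind; dhcp). It reports the mistakes a hand-edited config is prone to before the daemon is restarted: a template referenced before its create line, a malformed ethernet address, a port out of range. The sample config in the block is constructed from the page's templates with two deliberate errors added; covering only the directive forms that appear on this page is an assumption about honeyd's wider grammar.

```python
import ipaddress
import re
import shlex
from typing import Dict, List, Tuple

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
PLAIN_ACTIONS = {"open", "block", "reset"}   # port actions used on this page
PROTOS = {"tcp", "udp", "icmp"}

# Constructed sample: the page's templates plus two deliberate mistakes
# (template name typo on the 'add solars' line, malformed MAC on the avaya line).
SAMPLE_CONF = """\
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 445 open
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 23 proxy 10.23.1.2:23

create avaya
set avaya personality "Avaya G3 PBX version 8.3"
set avaya default tcp action reset
add avaya tcp port 4445 open

add solars tcp port 22 open
set windows ethernet "00:00:24:ab:8c:12"
set avaya ethernet "00:00:24:ab:8c:1Z"
bind 193.40.0.10 windows
dhcp avaya on eth1
"""


def lint_honeyd_conf(text: str) -> Tuple[Dict[str, dict], List[str]]:
    """Parse create/set/add/bind/dhcp lines; return (templates, errors)."""
    templates: Dict[str, dict] = {}
    errors: List[str] = []

    def known(name: str, lineno: int) -> bool:
        if name in templates:
            return True
        errors.append(f"line {lineno}: template '{name}' used before 'create {name}'")
        return False

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)        # quoted scripts/personalities stay one token
        kw = tok[0]
        if kw == "create" and len(tok) == 2:
            if tok[1] in templates:
                errors.append(f"line {lineno}: template '{tok[1]}' created twice")
            templates.setdefault(tok[1], {"personality": None, "ethernet": None,
                                          "defaults": {}, "ports": {}, "bound": []})
        elif kw == "set" and len(tok) >= 4:
            if not known(tok[1], lineno):
                continue
            t = templates[tok[1]]
            if tok[2] == "personality" and len(tok) == 4:
                t["personality"] = tok[3]
            elif tok[2] == "ethernet" and len(tok) == 4:
                if MAC_RE.match(tok[3]):
                    t["ethernet"] = tok[3].lower()
                else:
                    errors.append(f"line {lineno}: bad ethernet address {tok[3]!r}")
            elif (tok[2] == "default" and len(tok) == 6 and tok[3] in PROTOS
                  and tok[4] == "action" and tok[5] in PLAIN_ACTIONS):
                t["defaults"][tok[3]] = tok[5]
            else:
                errors.append(f"line {lineno}: unrecognised set directive: {line}")
        elif kw == "add" and len(tok) >= 6 and tok[3] == "port":
            if not known(tok[1], lineno):
                continue
            proto, port = tok[2], tok[4]
            if proto not in ("tcp", "udp") or not port.isdigit() or int(port) > 65535:
                errors.append(f"line {lineno}: bad protocol or port: {line}")
                continue
            if len(tok) == 6 and tok[5] in PLAIN_ACTIONS:
                action = tok[5]
            elif len(tok) == 7 and tok[5] == "proxy":
                action = "proxy:" + tok[6]         # hand the connection to a real host:port
            elif len(tok) == 6:
                action = "script:" + tok[5]        # service emulation script
            else:
                errors.append(f"line {lineno}: unrecognised port action: {line}")
                continue
            templates[tok[1]]["ports"][(proto, int(port))] = action
        elif kw == "bind" and len(tok) == 3:
            if not known(tok[2], lineno):
                continue
            try:
                ipaddress.ip_address(tok[1])
            except ValueError:
                errors.append(f"line {lineno}: bad IP address {tok[1]!r}")
                continue
            templates[tok[2]]["bound"].append(tok[1])
        elif kw == "dhcp" and len(tok) == 4 and tok[2] == "on":
            if known(tok[1], lineno):
                templates[tok[1]]["bound"].append("dhcp:" + tok[3])
        elif kw == "annotate":
            pass                                   # fingerprint annotation, nothing to cross-check
        else:
            errors.append(f"line {lineno}: unknown directive: {line}")
    return templates, errors


if __name__ == "__main__":
    tpls, errs = lint_honeyd_conf(SAMPLE_CONF)
    for name, t in tpls.items():
        print(name, t["personality"], sorted(t["ports"]), t["bound"])
    print("\n".join(errs) or "no errors")
```

Run it with lint_honeyd_conf(open("honeyd.conf").read()) before honeyd -d -f honeyd.conf; the returned templates dict also doubles as the list of ports you should expect to see open in the nmap check above.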


http://blogs.23.nu/disLEXia/2004/08/antville-4485/

Scenario 1: FreeBSD router

I use the disc(ard) interface to redirect traffic to my honeyd. All redirection to the honeyd can be achieved by normal routing commands. First create a disc interface and put honeyd there.

% ifconfig disc0 create
% ifconfig disc0 172.31.255.255/32   # the interface needs a private IP to be seen as an IP interface
% honeyd -i disc0

If I have only single IPs (eg a.b.c.130, .145 and .160) I can use host routes to redirect them to honeyd:

% route add -host a.b.c.130 -interface disc0
% route add -host a.b.c.145 -interface disc0
% route add -host a.b.c.160 -interface disc0


Now I just have to redirect traffic to the disc interface:

Let's assume the router carries the network a.b.c.128-255 which I want to use for honeynet purposes. Easy: just re-route it to disc0:

% route add -net a.b.c.128/27 -interface disc0


gateway_enable="YES"

annotate "AIX 4.0 - 4.2" fragment old

# Example of a simple host template and its binding

create template
set template personality "AIX 4.0 - 4.2"
add template tcp port 80 "sh scripts/web.sh"
add template tcp port 22 "sh scripts/test.sh $ipsrc $dport"
add template tcp port 23 proxy 10.23.1.2:23
set template default tcp action reset

bind 10.21.19.102 template

create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open

bind 193.40.0.10 windows

ymiseja# honeyd -f honeyd.conf -i disc0
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[56674]: started with -f honeyd.conf -i disc0
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[56674]: listening on disc0: ip
Honeyd starting as background process

EVENT_NOKQUEUE to yes"

Sep 27 12:21:38 ymiseja honeyd[56675]: Kqueue does not recognize bpf filedescriptor.


export EVENT_NOKQUEUE=yes to .profile