Honeyd
FreeBSD
On a FreeBSD machine, installing the honeyd port installs the following files:
/usr/local/lib/honeyd/libhoneyd.so
/usr/local/share/honeyd/proxy
/usr/local/bin/honeyd
/usr/local/share/honeyd/smtp
/usr/local/bin/honeydstats
Our server's external address is 193.40.41.32, and we create a virtual Windows machine with the address 193.40.41.34.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
set windows ethernet "00:00:24:ab:8c:12"
bind 193.40.41.34 windows
And start it:
# honeyd -d -i nfe0 -f honey.conf
honeyd[5482]: listening promiscuously on nfe0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:17:31:dc:5d:b7
Testing with nmap
nmap -p 135 192.168.134.147
Manual page with several examples: http://www.manualpages.de/FreeBSD/FreeBSD-ports-9.0-RELEASE/man8/honeyd.8.html
create default
set default personality "Linux 2.2.14"
set default default tcp action block
add default udp port 53 "./scripts/dnstool.py"
Local testing
# sudo ./honeyd -f config.sample 10.0.0.0/8
# sudo route -n add -net 10.0.0.0/8 gw 127.0.0.1
http://travisaltman.com/honeypot-honeyd-tutorial-part-2-multiple-honeypots/
Windows XP with a new MAC address and a DHCP request.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
set windows ethernet "00:00:24:ab:8c:12"
dhcp windows on eth1 # external device
To start it:
# honeyd -d -i eth1 -f honeyd-winxp.conf
One more machine
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open

create avaya
set avaya personality "Avaya G3 PBX version 8.3"
set avaya default tcp action reset
add avaya tcp port 4445 open
add avaya tcp port 5038 open

create solaris
set solaris personality "Avaya G3 PBX version 8.3"
set solaris default tcp action reset
add solaris tcp port 22 open
add solaris tcp port 2049 open

set windows ethernet "00:00:24:ab:8c:12"
set avaya ethernet "00:00:24:ab:8c:13"
set solaris ethernet "00:00:24:ab:8c:14"
dhcp windows on eth1
dhcp avaya on eth1
dhcp solaris on eth1
honeyd -d -f honeyd.conf
nmap -p 4445,5038,5555 192.168.99.160
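As an added example (not part of the original page or of honeyd itself), a small Python check for configs like the multi-host one above: it flags a MAC address reused by two templates, a template that is never attached with bind or dhcp, a template without an explicit default tcp action, and a directive for a template that was never created. The lint helper and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample: reused MAC, unattached template, undeclared template.
SAMPLE = '''
create default
set default default tcp action block
create windows
set windows default tcp action reset
set windows ethernet "00:00:24:ab:8c:12"
dhcp windows on eth1
create avaya
add avaya tcp port 4445 open        # no default tcp action for this template
set avaya ethernet "00:00:24:ab:8c:12"
set solaris default tcp action reset
'''

def lint(text):
    """Return sorted (line_no, message) findings for a honeyd config (hypothetical helper)."""
    created, attached, tcp_default, macs, findings = {}, set(), set(), {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # keeps quoted strings, drops # comments
        if len(tok) == 2 and tok[0] == "create":
            created[tok[1]] = no
            continue
        if len(tok) < 3 or tok[0] not in ("set", "add", "bind", "dhcp"):
            continue
        verb = tok[0]
        name = tok[-1] if verb == "bind" else tok[1]  # bind <ip> <template>
        if name not in created:
            findings.append((no, f"'{name}' is used without 'create {name}'"))
        elif verb in ("bind", "dhcp"):
            attached.add(name)
        elif verb == "set" and tok[2:5] == ["default", "tcp", "action"]:
            tcp_default.add(name)
        elif verb == "set" and tok[2] == "ethernet" and len(tok) == 4:
            mac = tok[3].lower()
            if macs.setdefault(mac, name) != name:
                findings.append((no, f"MAC {mac} is already used by '{macs[mac]}'"))
    for name, no in created.items():
        # honeyd applies the template named "default" to unbound addresses
        if name != "default" and name not in attached:
            findings.append((no, f"'{name}' is never attached with bind or dhcp"))
        if name not in tcp_default:
            findings.append((no, f"'{name}' has no explicit default tcp action"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```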
http://blogs.23.nu/disLEXia/2004/08/antville-4485/
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
bind 193.40.0.10 windows
create template
set template personality "Linux kernel 2.4.23 (x86)" # Honeypot signature
set template uptime 0428938 # Set uptime
add template tcp port 21 "sh /usr/share/honeyd/ftp.sh" # Add the template
set template default tcp action block # Block other TCP ports
set template default udp action block # Block other UDP ports
create template
set template personality "Microsoft Windows 2000 Advanced Server SP3"
add template tcp port 80 "sh /usr/share/honeyd/scripts/win2k/iis.sh"
bind 145.18.57.13 template

In the other config, e.g. /etc/honeyd/honeyd2.conf, the apache configuration:

create template
set template personality "Linux kernel 2.4.18 (x86)"
add template tcp port 80 "sh /usr/share/honeyd/scripts/suse7.0/apache.sh"
bind 145.18.57.13 template