honeyd使用
honeyd可以同时模仿上千个不同的计算机
官网
honeyd-1.5c.tar.gz:http://www.honeyd.org
依赖包
libevent-1.3a.tar.gz:http://libevent.org/
libdnet-1.11.tar.gz:http://libdnet.sourceforge.net/
libpcap:http://www.tcpdump.org/release/
arpd-0.2.tar.gz:http://www.citi.umich.edu/u/provos/honeyd/arpd-0.2.tar.gz
安装
出现如下错误:
# cd arpd
# make
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -I/usr/local/include
-I/usr/local/include -c arpd.c
arpd.c: In function ‘arpd_send’:
arpd.c:268: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_lookup’:
arpd.c:285: error: expected ‘)’ before string constant
arpd.c:294: error: expected ‘)’ before string constant
arpd.c:297: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_recv_cb’:
arpd.c:426: error: expected ‘)’ before string constant
make: *** [arpd.o] Error 1解决办法:
//在arpd.c文件中添加
#define __FUNCTION__ ""出现如下错误:
# cd honeyd-1.5c
# ./configure
configure: error: need either libedit or libreadline; install one of them解决办法:
# apt-get install libedit-dev帮助
# honeyd -h
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
Usage: honeyd [OPTIONS] [net ...]
where options include:
-d Do not daemonize, be verbose.
-P Enable polling mode.
-l logfile Log packets and connections to logfile.
-s logfile Logs service status output to logfile.
-i interface Listen on interface.
-p file Read nmap-style fingerprints from file.
-x file Read xprobe-style fingerprints from file.
-a assocfile Read nmap-xprobe associations from file.
-0 osfingerprints Read pf-style OS fingerprints from file.
-u uid Set the uid Honeyd should run as.
-g gid Set the gid Honeyd should run as.
-f configfile Read configuration from file.
-c host:port:name:pass Reports starts to collector.
--webserver-address=address Address on which webserver listens.
--webserver-port=port Port on which webserver listens.
--webserver-root=path Root of document tree.
--fix-webserver-permissions Change ownership and permissions.
--rrdtool-path=path Path to rrdtool.
--disable-webserver Disables internal webserver
--disable-update Disables checking for security fixes.
--verify-config Verify configuration file then exit.
-V, --version Print program version and exit.
-h, --help Print this message and exit.
For plugin development:
--include-dir Prints out header files directory and exits.
--data-dir Prints out data/plug-in directory and exits.默认配置文件
# cat /etc/honeypot/honeyd.conf
route entry 10.0.0.1
route 10.0.0.1 link 10.2.0.0/24
route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps
route 10.3.0.1 link 10.3.0.0/24
route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5
route 10.3.1.1 link 10.3.1.0/24
# Example of a simple host template and its binding
create template
set template personality "Microsoft Windows XP Professional SP1"
set template uptime 1728650
set template maxfds 35
# For a complex IIS server
add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"
add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"
add template tcp port 23 proxy $ipsrc:23
add template udp port 53 proxy 141.211.92.141:53
set template default tcp action reset
# Use this if you are not running honeyd as 'honeyd' user:
# Debian-specific (use nobody = 65534 instead of 32767)
# set template uid 65534 gid 65534
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create router
set router personality "Cisco 1601R router running IOS 12.1(5)"
set router default tcp action reset
add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"
add router tcp port 23 "/usr/share/honeyd/scripts/router-telnet.pl"
bind 10.3.0.1 router
bind 10.3.1.1 router
bind 10.3.1.12 template
bind 10.3.1.11 template
bind 10.3.1.10 template
set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"
set 10.3.1.10 personality "IBM AIX 4.2"举例
编写一个telnet连接时,使用脚本应答
# vi test.sh
echo SSH-1.5-2.40
while read name
do
echo "$name"
done编写一个honeyd启动时,加载的配置
#vi config.sample
create linux //创建模板名称
set linux personality "Linux 2.4.20" //设置指纹名称
set linux default tcp action reset
add linux tcp port 21 open //打开21端口
add linux tcp port 23 "/home/scripts/test.sh"
bind 192.168.254.131 linux //为虚拟主机绑定ip启动arpd
虚拟出ip地址
# arpd 192.168.254.131
arpd[417]: listening on eth4: arp and (dst 192.168.254.131) and not ether src 00:0c:29:b9:5d:31启动honeyd
# honeyd -d -f /usr/local/share/honeyd/config.sample 192.168.254.131
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[373]: started with -d -f /usr/local/share/honeyd/config.sample 192.168.254.131
honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and
dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31
honeyd[373]: Demoting process privileges to uid 65534, gid 65534启动telnet测试
# telnet 192.168.254.131
Trying 192.168.254.131...
Connected to 192.168.254.131.
Escape character is '^]'.
SSH-1.5-2.40
dir
dir测试成功
honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and
dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31
honeyd[373]: Demoting process privileges to uid 65534, gid 65534
honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)
honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <->
/home/scripts/test.sh其他命令
为蜜罐动态分配ip
set xxx ethernet "dell"
dhcp xxx on eth1创建动态模版
dynamic xxxhoneyd使用的更多相关文章
- honeyd蜜罐配置和web监听脚本
Honeyd的安装和配置 Honeyd软件依赖于下面几个库及arpd工具: (1)Libevent:是一个非同步事件通知的函数库. 通过使用 libevent,开发者能够设定某些事件发生时所运行的函数 ...
- honeyd路由拓扑
create router //创建路由器模版 set router personality "Cisco 7206 running IOS 11.1(24)" //指纹 add ...
- 虚拟蜜罐honeyd安装使用
转https://blog.csdn.net/jack237/article/details/6828771
- centos6-honeyd安装&配置
安装 需要装 libpcap libevent libdnet 等(!) 有些用的yum,有些下载的安装包手动安装 (wget tar configure make install 非常linux) ...
- The Honeynet ProjectThe Honeynet Project
catalogue . 蜜罐基本概念 . Kippo: SSH低交互蜜罐安装.使用 . Dionaea: 低交互式蜜罐框架部署 . Thug . Amun malware honeypots . Gl ...
- 11. IDS (Intrusion detection systems 入侵检测系统 6个)
Snort该网络入侵检测和防御系统擅长于IP网络上的流量分析和数据包记录. 通过协议分析,内容研究和各种预处理器,Snort可以检测到数千个蠕虫,漏洞利用尝试,端口扫描和其他可疑行为. Snort使用 ...
- The Best Hacking Tools
The Best Hacking Tools Hacking Tools : List of security tools specifically aimed toward security pro ...
- 【传智播客】Libevent学习笔记(一):简介和安装
目录 00. 目录 01. libevent简介 02. Libevent的好处 03. Libevent的安装和测试 04. Libevent成功案例 00. 目录 @ 01. libevent简介 ...
- honeydctl命令
# honeydctl Honeyd 1.5c Management Console Copyright (c) 2004 Niels Provos. All rights reserved. See ...
随机推荐
- PostgreSQL DISTINCT 和 DISTINCT ON
select语句中,使用distinct关键字,在处理select list后,结果表可以选择消除重复的行.在SELECT之后直接写入DISTINCT关键字以指定此关键字: SELECT DISTIN ...
- [转]跨域问题(CORS / Access-Control-Allow-Origin)
原文链接:https://blog.csdn.net/xcbeyond/article/details/84453832 1.前言 最近在项目中,调用Eureka REST接口时,出现了CORS跨越问 ...
- 为什么JDK代码这样写?final ReentrantLock takeLock = this.takeLock
在CopyOnWriteArrayList的源码中有一个细节值得学习,就是在addIfAbsent方法中ReentrantLock的用法,先是将一个这个成员变量this.lock重新赋值给一个局部变量 ...
- Egret HTML5游戏开发指南
Egret HTML5游戏开发指南 下载地址:https://pan.baidu.com/s/1fuxllvmRhWXoWDwH4gxN9g 关注微信公众号获取提取码: 输入:egrt 获取提取码
- if [ $? -eq 0 ]的含义
if [ $? -eq 0 ]语句代表上一个命令执行后的退出状态 $0: shell或shell脚本的名字$*: 以一对双引号给出参数列表$@: 将各个参数分别加双引号返回$#: 参数 ...
- SQL Server表分区(转)
什么是表分区 一般情况下,我们建立数据库表时,表数据都存放在一个文件里. 但是如果是分区表的话,表数据就会按照你指定的规则分放到不同的文件里,把一个大的数据文件拆分为多个小文件,还可以把这些小文件放在 ...
- 百度URL参数解析
在用Python爬取百度搜索的内容时,发现百度搜索的url非常的长,往往会跟一大段的参数,但其实很多参数都是没有必要的,如同样是搜索java关键字,可以通过 http://www.baidu.com/ ...
- Openresty 健康检查
## 指定共享内存 lua_shared_dict healthcheck 1m; ## 在worker初始化过程中,启动定时器,进行后端结点的检查 init_worker_by_lua_block ...
- 如何改变 select 元素的高度
mozilla 对于美化 select 元素的样式有这样一段描述(用 CSS 美化 Select 元素): 众所周知,select 元素很难用 CSS 进行高效的设计.你可以影响任何元素的某些方面 - ...
- SGU 126. Boxes --- 模拟
<传送门> 126. Boxes time limit per test: 0.25 sec. memory limit per test: 4096 KB There are two b ...