honeyd可以同时模仿上千个不同的计算机

官网

honeyd-1.5c.tar.gz:http://www.honeyd.org

依赖包

libevent-1.3a.tar.gz:http://libevent.org/

libdnet-1.11.tar.gz:http://libdnet.sourceforge.net/

libpcap:http://www.tcpdump.org/release/

arpd-0.2.tar.gz:http://www.citi.umich.edu/u/provos/honeyd/arpd-0.2.tar.gz

安装

出现如下错误:

# cd arpd

# make

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -I/usr/local/include

-I/usr/local/include -c arpd.c

arpd.c: In function ‘arpd_send’:

arpd.c:268: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_lookup’:

arpd.c:285: error: expected ‘)’ before string constant

arpd.c:294: error: expected ‘)’ before string constant

arpd.c:297: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_recv_cb’:

arpd.c:426: error: expected ‘)’ before string constant

make: *** [arpd.o] Error 1

解决办法:

//在arpd.c文件中添加

#define __FUNCTION__ ""

出现如下错误:

# cd honeyd-1.5c

# ./configure

configure: error: need either libedit or libreadline; install one of them

解决办法:

# apt-get install libedit-dev

帮助

# honeyd -h

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

Usage: honeyd [OPTIONS] [net ...]

where options include:

  -d                     Do not daemonize, be verbose.

  -P                     Enable polling mode.

  -l logfile             Log packets and connections to logfile.

  -s logfile             Logs service status output to logfile.

  -i interface           Listen on interface.

  -p file                Read nmap-style fingerprints from file.

  -x file                Read xprobe-style fingerprints from file.

  -a assocfile           Read nmap-xprobe associations from file.

  -0 osfingerprints      Read pf-style OS fingerprints from file.

  -u uid                  Set the uid Honeyd should run as.

  -g gid                  Set the gid Honeyd should run as.

  -f configfile          Read configuration from file.

  -c host:port:name:pass Reports starts to collector.

  --webserver-address=address Address on which webserver listens.

  --webserver-port=port  Port on which webserver listens.

  --webserver-root=path  Root of document tree.

  --fix-webserver-permissions Change ownership and permissions.

  --rrdtool-path=path    Path to rrdtool.

  --disable-webserver    Disables internal webserver

  --disable-update       Disables checking for security fixes.

  --verify-config        Verify configuration file then exit.

  -V, --version          Print program version and exit.

  -h, --help             Print this message and exit.

For plugin development:

  --include-dir          Prints out header files directory and exits.

  --data-dir             Prints out data/plug-in directory and exits.

默认配置文件

# cat /etc/honeypot/honeyd.conf 

route entry 10.0.0.1

route 10.0.0.1 link 10.2.0.0/24

route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps

route 10.3.0.1 link 10.3.0.0/24

route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5

route 10.3.1.1 link 10.3.1.0/24

# Example of a simple host template and its binding

create template

set template personality "Microsoft Windows XP Professional SP1"

set template uptime 1728650

set template maxfds 35

# For a complex IIS server

add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"

add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"

add template tcp port 23 proxy $ipsrc:23

add template udp port 53 proxy 141.211.92.141:53

set template default tcp action reset

# Use this if you are not running honeyd as 'honeyd' user:

# Debian-specific (use nobody = 65534 instead of 32767)

# set template uid 65534 gid 65534

create default

set default default tcp action block

set default default udp action block

set default default icmp action block

create router

set router personality "Cisco 1601R router running IOS 12.1(5)"

set router default tcp action reset

add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"

add router tcp port 23 "/usr/share/honeyd/scripts/router-telnet.pl"

bind 10.3.0.1 router

bind 10.3.1.1 router

bind 10.3.1.12 template

bind 10.3.1.11 template

bind 10.3.1.10 template

set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"

set 10.3.1.10 personality "IBM AIX 4.2"

举例

编写一个telnet连接时,使用脚本应答

# vi test.sh

echo SSH-1.5-2.40

while read name

do

    echo "$name"

done

编写一个honeyd启动时,加载的配置

#vi config.sample

create linux    //创建模板名称

set linux personality "Linux 2.4.20"    //设置指纹名称

set linux default tcp action reset 

add linux tcp port 21 open      //打开21端口

add linux tcp port 23 "/home/scripts/test.sh"

bind 192.168.254.131 linux      //为虚拟主机绑定ip

启动arpd

虚拟出ip地址

# arpd 192.168.254.131

arpd[417]: listening on eth4: arp and (dst 192.168.254.131) and not ether src 00:0c:29:b9:5d:31

启动honeyd

# honeyd -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

honeyd[373]: started with -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

启动telnet测试

# telnet 192.168.254.131

Trying 192.168.254.131...

Connected to 192.168.254.131.

Escape character is '^]'.

SSH-1.5-2.40

dir

dir

测试成功

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)

honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <->

/home/scripts/test.sh

其他命令

为蜜罐动态分配ip

set xxx ethernet "dell"

dhcp xxx on eth1

创建动态模版

dynamic xxx

honeyd使用的更多相关文章

  1. honeyd蜜罐配置和web监听脚本

    Honeyd的安装和配置 Honeyd软件依赖于下面几个库及arpd工具: (1)Libevent:是一个非同步事件通知的函数库. 通过使用 libevent,开发者能够设定某些事件发生时所运行的函数 ...

  2. honeyd路由拓扑

    create router //创建路由器模版 set router personality "Cisco 7206 running IOS 11.1(24)" //指纹 add ...

  3. 虚拟蜜罐honeyd安装使用

    转https://blog.csdn.net/jack237/article/details/6828771

  4. centos6-honeyd安装&配置

    安装 需要装 libpcap libevent libdnet 等(!) 有些用的yum,有些下载的安装包手动安装 (wget tar configure make install 非常linux) ...

  5. The Honeynet ProjectThe Honeynet Project

    catalogue . 蜜罐基本概念 . Kippo: SSH低交互蜜罐安装.使用 . Dionaea: 低交互式蜜罐框架部署 . Thug . Amun malware honeypots . Gl ...

  6. 11. IDS (Intrusion detection systems 入侵检测系统 6个)

    Snort该网络入侵检测和防御系统擅长于IP网络上的流量分析和数据包记录. 通过协议分析,内容研究和各种预处理器,Snort可以检测到数千个蠕虫,漏洞利用尝试,端口扫描和其他可疑行为. Snort使用 ...

  7. The Best Hacking Tools

    The Best Hacking Tools Hacking Tools : List of security tools specifically aimed toward security pro ...

  8. 【传智播客】Libevent学习笔记(一):简介和安装

    目录 00. 目录 01. libevent简介 02. Libevent的好处 03. Libevent的安装和测试 04. Libevent成功案例 00. 目录 @ 01. libevent简介 ...

  9. honeydctl命令

    # honeydctl Honeyd 1.5c Management Console Copyright (c) 2004 Niels Provos. All rights reserved. See ...

随机推荐

  1. fgets注意事项

    这是yjy的习题库,中途我在使用fgest时颇费了一点心思,特此记录一下. #include <stdio.h> #include <string.h> #include &l ...

  2. 用python批量下载图片

    一 写爬虫注意事项 网络上有不少有用的资源, 如果需要合理的用爬虫去爬取资源是合法的,但是注意不要越界,前一阶段有个公司因为一个程序员写了个爬虫,导致公司200多个人被抓,所以先进入正题之前了解下什么 ...

  3. java面试题实战三

    华为优招面试经验. 1.笔试(这部分按照华为以前的风格不会为难人的,认真做AC一道题就可以进面试了,我编程能力一般吧,做了一道半而已,-_-||!) 2.测评(性格测试,不要太偏激就行了) 3.面试分 ...

  4. MSSQL附加数据库时提示以下错误: 无法打开物理文件“***.mdf”。操作系统错误 5:“5(拒绝访问。)”。 (Microsoft SQL Server,错误: 5120)

    MSSQL附加数据库时提示以下错误: 无法打开物理文件“***.mdf”.操作系统错误 5:“5(拒绝访问.)”. (Microsoft SQL Server,错误: 5120) ***** 解决方法 ...

  5. 审阅模式中word保存不了

    word保存不了 觉得有用的话,欢迎一起讨论相互学习~Follow Me 昨天写论文出现一个怪事,发现自己word内容按ctrl+S 进行保存时可以的,但是当按X进行关闭时,出现 关闭不了,问我是否需 ...

  6. BeetlConfiguration扩展配置

    beetl拓展配置类,绑定一些工具类,方便在模板中直接调用 BeetlConfiguration.java public class BeetlConfiguration extends BeetlG ...

  7. Jmeter(一) Jmeter基本使用

    1.下载安装 官方网站 https://jmeter.apache.org/download_jmeter.cgi 选择下载即可 2.基本使用 下载解压后,目录如下: 进入到bin目录, 双击jmet ...

  8. 【Docker学习之三】Docker查找拉取镜像、启动容器、容器使用

    环境 docker-ce-19.03.1-3.el7.x86_64 CentOS 7 一.查找.拉取镜像.启动容器1.查找镜像-docker search默认查找Docker Hub上的镜像,举例:D ...

  9. 初识IO流

    输入输出流,用来进行设备之间的数据传输. 是我们IO传输的数据是以文件的形式体现的,所以Java给我们提供了一个类,Flie用来描文件和目录 File(File parent, String chil ...

  10. 编译器的系统include路径查询

    环境:Ubuntu 18.04.3 LTS 以 aarch64-linux-gnu-gcc 为例,运行如下命令: echo "main(){}" | aarch64-linux-g ...