honeyd可以同时模仿上千个不同的计算机

官网

honeyd-1.5c.tar.gz:http://www.honeyd.org

依赖包

libevent-1.3a.tar.gz:http://libevent.org/

libdnet-1.11.tar.gz:http://libdnet.sourceforge.net/

libpcap:http://www.tcpdump.org/release/

arpd-0.2.tar.gz:http://www.citi.umich.edu/u/provos/honeyd/arpd-0.2.tar.gz

安装

出现如下错误:

# cd arpd

# make

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -I/usr/local/include

-I/usr/local/include -c arpd.c

arpd.c: In function ‘arpd_send’:

arpd.c:268: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_lookup’:

arpd.c:285: error: expected ‘)’ before string constant

arpd.c:294: error: expected ‘)’ before string constant

arpd.c:297: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_recv_cb’:

arpd.c:426: error: expected ‘)’ before string constant

make: *** [arpd.o] Error 1

解决办法:

//在arpd.c文件中添加

#define __FUNCTION__ ""

出现如下错误:

# cd honeyd-1.5c

# ./configure

configure: error: need either libedit or libreadline; install one of them

解决办法:

# apt-get install libedit-dev

帮助

# honeyd -h

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

Usage: honeyd [OPTIONS] [net ...]

where options include:

  -d                     Do not daemonize, be verbose.

  -P                     Enable polling mode.

  -l logfile             Log packets and connections to logfile.

  -s logfile             Logs service status output to logfile.

  -i interface           Listen on interface.

  -p file                Read nmap-style fingerprints from file.

  -x file                Read xprobe-style fingerprints from file.

  -a assocfile           Read nmap-xprobe associations from file.

  -0 osfingerprints      Read pf-style OS fingerprints from file.

  -u uid                  Set the uid Honeyd should run as.

  -g gid                  Set the gid Honeyd should run as.

  -f configfile          Read configuration from file.

  -c host:port:name:pass Reports starts to collector.

  --webserver-address=address Address on which webserver listens.

  --webserver-port=port  Port on which webserver listens.

  --webserver-root=path  Root of document tree.

  --fix-webserver-permissions Change ownership and permissions.

  --rrdtool-path=path    Path to rrdtool.

  --disable-webserver    Disables internal webserver

  --disable-update       Disables checking for security fixes.

  --verify-config        Verify configuration file then exit.

  -V, --version          Print program version and exit.

  -h, --help             Print this message and exit.

For plugin development:

  --include-dir          Prints out header files directory and exits.

  --data-dir             Prints out data/plug-in directory and exits.

默认配置文件

# cat /etc/honeypot/honeyd.conf 

route entry 10.0.0.1

route 10.0.0.1 link 10.2.0.0/24

route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps

route 10.3.0.1 link 10.3.0.0/24

route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5

route 10.3.1.1 link 10.3.1.0/24

# Example of a simple host template and its binding

create template

set template personality "Microsoft Windows XP Professional SP1"

set template uptime 1728650

set template maxfds 35

# For a complex IIS server

add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"

add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"

add template tcp port 23 proxy $ipsrc:23

add template udp port 53 proxy 141.211.92.141:53

set template default tcp action reset

# Use this if you are not running honeyd as 'honeyd' user:

# Debian-specific (use nobody = 65534 instead of 32767)

# set template uid 65534 gid 65534

create default

set default default tcp action block

set default default udp action block

set default default icmp action block

create router

set router personality "Cisco 1601R router running IOS 12.1(5)"

set router default tcp action reset

add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"

add router tcp port 23 "/usr/share/honeyd/scripts/router-telnet.pl"

bind 10.3.0.1 router

bind 10.3.1.1 router

bind 10.3.1.12 template

bind 10.3.1.11 template

bind 10.3.1.10 template

set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"

set 10.3.1.10 personality "IBM AIX 4.2"

举例

编写一个telnet连接时,使用脚本应答

# vi test.sh

echo SSH-1.5-2.40

while read name

do

    echo "$name"

done

编写一个honeyd启动时,加载的配置

#vi config.sample

create linux    //创建模板名称

set linux personality "Linux 2.4.20"    //设置指纹名称

set linux default tcp action reset 

add linux tcp port 21 open      //打开21端口

add linux tcp port 23 "/home/scripts/test.sh"

bind 192.168.254.131 linux      //为虚拟主机绑定ip

启动arpd

虚拟出ip地址

# arpd 192.168.254.131

arpd[417]: listening on eth4: arp and (dst 192.168.254.131) and not ether src 00:0c:29:b9:5d:31

启动honeyd

# honeyd -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

honeyd[373]: started with -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

启动telnet测试

# telnet 192.168.254.131

Trying 192.168.254.131...

Connected to 192.168.254.131.

Escape character is '^]'.

SSH-1.5-2.40

dir

dir

测试成功

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)

honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <->

/home/scripts/test.sh

其他命令

为蜜罐动态分配ip

set xxx ethernet "dell"

dhcp xxx on eth1

创建动态模版

dynamic xxx

honeyd使用的更多相关文章

  1. honeyd蜜罐配置和web监听脚本

    Honeyd的安装和配置 Honeyd软件依赖于下面几个库及arpd工具: (1)Libevent:是一个非同步事件通知的函数库. 通过使用 libevent,开发者能够设定某些事件发生时所运行的函数 ...

  2. honeyd路由拓扑

    create router //创建路由器模版 set router personality "Cisco 7206 running IOS 11.1(24)" //指纹 add ...

  3. 虚拟蜜罐honeyd安装使用

    转https://blog.csdn.net/jack237/article/details/6828771

  4. centos6-honeyd安装&配置

    安装 需要装 libpcap libevent libdnet 等(!) 有些用的yum,有些下载的安装包手动安装 (wget tar configure make install 非常linux) ...

  5. The Honeynet ProjectThe Honeynet Project

    catalogue . 蜜罐基本概念 . Kippo: SSH低交互蜜罐安装.使用 . Dionaea: 低交互式蜜罐框架部署 . Thug . Amun malware honeypots . Gl ...

  6. 11. IDS (Intrusion detection systems 入侵检测系统 6个)

    Snort该网络入侵检测和防御系统擅长于IP网络上的流量分析和数据包记录. 通过协议分析,内容研究和各种预处理器,Snort可以检测到数千个蠕虫,漏洞利用尝试,端口扫描和其他可疑行为. Snort使用 ...

  7. The Best Hacking Tools

    The Best Hacking Tools Hacking Tools : List of security tools specifically aimed toward security pro ...

  8. 【传智播客】Libevent学习笔记(一):简介和安装

    目录 00. 目录 01. libevent简介 02. Libevent的好处 03. Libevent的安装和测试 04. Libevent成功案例 00. 目录 @ 01. libevent简介 ...

  9. honeydctl命令

    # honeydctl Honeyd 1.5c Management Console Copyright (c) 2004 Niels Provos. All rights reserved. See ...

随机推荐

  1. eclipse中自定义注释模板

    eclipse中自定义注释模板 2018年10月09日 10:51:27 lm_y 阅读数 857更多 分类专栏: java Java   编辑注释模板的方法:Window->Preferenc ...

  2. 029_H5打包编译成IOS

    由于需要H5编写的应用在iPhone上使用,所以有了以下的需求 一. (1)下载npm,官网: http://nodejs.org/ 下载nodejs安装包 Reference:https://jin ...

  3. requests库学习案例

    requests库使用流程 使用流程/编码流程 1.指定url 2.基于requests模块发起请求 3.获取响应对象中的数据值 4.持久化存储 分析案例 需求:爬取搜狗首页的页面数据 # 爬取搜狗首 ...

  4. 工控随笔_C#连接PLC_之_C#入门_01_配置学习环境

    最近在做一个东西,需要用到通用开发语言开发一个软件来读取PLC的内容,这方面的难点在于解析PLC利用 以太网通讯的通讯协议,而一般的PLC厂商对自己的协议是封闭的,对一般的开发者是不开放的,虽然可以通 ...

  5. EasyNVR网页摄像机无插件H5、谷歌Chrome直播方案之使用ffmpeg保存快照数据方法与代码

    背景分析 EasyNVR主要功能模块有设备发现与接入.实时直播.摄像机控制.录像与管理.设备快照与状态维护.第三方平台对接,其中设备快照与状态维护主要包括定时检测通道设备的在线状态.定时对通道摄像机进 ...

  6. 共享和独享IP的VPS的区别?

    共享IP的VPS主机: 顾名思义,共享IP的VPS主机的最大特性即是若干VPS主机用户共享同一个公网IP地址,此目的显然是节省有限的IP地址资源,有效应对Ipv4枯竭的问题.其基本原理是,所有VPS主 ...

  7. 做JAVA的需要了解的框架

    spring netty Elasticsearch Eureka Hystrix 接口的依赖性管理 Zuul Config Bus ActiveMQ redis zookper quartz had ...

  8. linux驱动开发学习二:创建一个阻塞型的字符设备

    在Linux 驱动程序中,可以使用等待队列来实现阻塞进程的唤醒.等待队列的头部定义如下,是一个双向列表. struct list_head { struct list_head *next, *pre ...

  9. Content-type"是"application/json的作用

    request中发送json数据用post方式发送Content-type用application/json;charset=utf-8方式发送的话,直接用springMVC的@RequestBody ...

  10. 【剑指offer】数组中只出现一次的数

    题目描述 一个整型数组里除了两个数字之外,其他的数字都出现了两次.请写程序找出这两个只出现一次的数字. 分析: 经典的异或技巧题 两个相同的数字异或的结果为0,一个数和0异或的结果是其本身,假设现在那 ...