Thursday, May 24, 2012
Thursday, May 17, 2012
Install Honeyd on Ubuntu
Firstly, open up your terminal. Then update your package listings as shown below:
Eva@Vishal~$ sudo apt-get update
Next, install honeyd and its dependencies using apt-get.
Eva@Vishal~$ sudo apt-get install honeyd honeyd-common
The package “honeyd” contains the actual honeyd service, and “honeyd-common” contains various scripts and extra components that will emulate all of the port services on the virtual honeypots, such as SSH, HTTP, rsh, etc.
My configuration files in /etc/honeypot/
1:honeyd.conf
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
set windows ethernet "00:00:24:ab:8c:12"
dhcp windows on eth1
2:fakemachine.conf
create windows
set windows personality "Microsoft Windows XP Professional"
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 25 "perl scripts/snmp/fake-snmp.pl"
add windows tcp port 23 "perl scripts/telnet/faketelnet.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset
set windows ethernet "00:00:24:ab:8c:12"
bind 192.168.2.50 windows
To load the honeypot(s) into honeyd and deploy them, simply enter the appropriate commands.
Eva@Vishal~$ honeyd -d -f honeypots.conf
The -d parameter forces honeyd not to run in the background as a daemon and dumps any and all output information into the terminal. If you wish to log the data into a file, simply use the -l option.
Eva@Vishal~$ honeyd -d -f honeypots.conf -l log.out
Starting Nmap 5.21 ( http://nmap.org ) at 2012-05-26 21:48 IDT
Interesting ports on 192.168.1.50:
PORT STATE SERVICE
23/tcp open telnet
25/tcp open smtp
80/tcp open http
.
25/tcp open smtp
80/tcp open http
.
.
Now with some Magic commands you can create fakemachines on all empty ip's.
Well you can use this technique to capture ipv4 address , using farpd with honeyd.
Remember No one will be able to connect to your network if you run honeyd on whole network using following command:
honeyd -d -i wlan0 -f /etc/honeypot/myfakemachine.conf 192.168.2.0/24 &
with farpd actively running.
I things thats enough i have already told you just try to figure out by your self and Go and hack Your network before some other guy hack it.
Have Any Question feel free to Comment Below:-)
HoneyD Network Architecture
As can be seen, the design has three distinct network segments:
- Publicly route-able IPs
- Internal network for honeypot hosts
- Virtual network for honeyd guest systems. These IP addresses sit on loopback interface on the host, with a static route on the firewall to pass all virtual traffic to the honeyd host.
Using a perimeter firewall with NAT/PAT capabilities allows easy switching between emulated systems and services if your public IP resources are limited; a large network of guests can be configured in advance and left static, then a quick firewall change is all that is required to expose different systems to the world.
Additionally, as much as honeypot systems are designed to be compromised and collect information of malicious attacks (or perhaps more correctly, because of this) , low-interaction systems like honeyd is designed to avoid full compromise. If something goes wrong and the host system gets fully compromised, a (sufficiently configured) perimeter firewall provides some control of outgoing traffic, limiting the attackers options for using the honeypot sensor to attack other systems.
HoneyD -- A Virtual Honeypot
Introduction
Welcome, fellow hackers! This time, I will review a very nice hacking tool that I really find interesting: honeyd (pronounced “honey-dee” or “honey-daemon”). It is a powerful virtual honeypot tool written by Niels Provos and released as open source under the GNU General Public License, as part of the Honeynet project. It runs on GNU/Linux distributions and *BSD’s.
To anyone who doesn’t know, a honeypot is a public or private computer that is intentionally left insecure, unpatched, without an antivirus or firewall, etc. which actually encourages malicious hackers to attack it. This is a perfect tool for catching potential black-hat network intruders or spammers and monitoring their behavior, or even giving hackers a huge playground to explore andput their networking skills to the test without disrupting others.
If you have the cash, you can even set up multiple honeypots in your home or workplace, which act as convincing “decoy machines” that can help protect your legitimate computers from crackers. Networks like these are called honeynets. Now, let’s back up a bit. Note the keywords in the first sentence: If you have the cash. Setting up a honeynet as a hobbyist can be hard, space-wise and money-wise, but honeyd solves both of these issues completely with a quite revolutionary technology: virtual honeypots.
HoneyD is a Virtual Honeypot
Your typical, run-of-the-mill honeypots are made up of physical computers interlinked together, and finally, to the internet, should you wish. While it is foolproof, works effectively, and makes logging and forensics simple, it can be very costly to set up for a hobbyist, as it requires them to buy many large servers, baby them, and run up the home electric bill. Remember that in most cases, more = better. There is also the additional risk of a malware infection leaking out of a honeypot onto a legitimate computer and destroying it.
The best way to solve this problem virtual honeypot, which is basically a daemon running on one or a several computers that generates virtual honeypot computers and places them on the network. Instead of having to buy and set up multiple physical computers, you now only need one computer which can generate as many virtual honeypots as you wish.
honeyd is an open source application that tries to achieve that goal. Each and every honeypot is defined as a config file that you load and deploy. You can define virtually any aspect of these honeypots with a simple text editor, such as its operating system, ports, and more. Through the “honeyd-common” package, found in most Debian/*buntu repositories, honeyd can emulate a whole slew of port services, such as HTTP, FTP, telnet, rsh, SMTP, and plenty more.
When would a virtual honeypot be used in the real world? Here is an example scenario: a small company has three servers full of important data that it needs to protect vigilantly, as it cannot risk a malicious hacker break-in. All of the servers have an IDS (intrusion detection system) installed. If one of the servers is running honeyd, it will appear to any attackers that there are hundreds of computers on the network, when really there are only three.
The attacker will have to do much more research and perhaps think twice before hacking, for if they make one mistake and attack a honeypot, then the IDS will have them caught red-handed. Their IP address and attack methods will be logged, their port listings and network traffic recorded, and the timeframes noted. Remember that all of the attack’s details can be accessed and observed in real-time from the three legitimate servers running honeyd. It truly is the perfect trap, don’t you think?
Feature List
- Manipulates TCP/IP packets to create the illusion that there is a host on the network.
- At the time of this writing, honeyd supports up to 65,536 hosts at once.
- Convincingly emulates a plethora of port services.
- Can impersonate up to a thousand different operating systems.
- User can define unique virtual hosts using simple config files.
- Lets you catch spammers and network intruders, as well as observe the their behaviors.
- Safe and isolated from the true host computer(s).
Subscribe to:
Posts (Atom)