Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    honeyd as low and high interaction honeynet system

    honeyd
    New Member

    Number of posts : 1
    Registration date : 18/12/2009

    Post by honeyd on Fri Dec 18, 2009 6:12 pm

    http://www.honeyd.org/
    http://www.laurentconstantin.com/en/netw/netwox/
    This is part of a sample showing how to create a simple configuration and how to use netwox.
    netwox is a simple, fast tool for creating virtual IP and MAC addresses, unlike ordinary proxy ARP, which is different IPs with the same MAC address. Example below:
    #
    netwox 73 --device "eth0" --ips "192.168.1.30" --eths "0:a:b:c:d:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.31" --eths "0:a:b:c:d:2" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.34" --eths "0:a:b:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.50" --eths "a:a:b:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.52" --eths "0:b:b:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.53" --eths "0:1:1:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.54" --eths "a:a:b:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.67" --eths "2:2:b:c:1:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.68" --eths "0:a:b:c:f:f" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.69" --eths "a:a:b:f:e:1" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.70" --eths "0:a:b:a:a:b" -a -p
    netwox 73 --device "eth0" --ips "192.168.1.71" --eths "b:1:a:c:1:1" -a -p
    And so on; follow the same pattern to bind the next IPs. The MAC address can be customized.
    Next, bind them to eth0.
    Run these commands for the log:
    touch /var/log/honeyd
    chown 99:99 /var/log/honeyd
    chmod 750 /var/log/honeyd

    This is the configuration:
    #honeyd-ethernet
    create template
    set template personality "Linux 2.4.7 (X86)"
    set template default tcp action block
    set template default udp action block
    set template default icmp action block
    add template tcp port 21 proxy 192.168.1.1:23
    add template tcp port 53 open
    bind 192.168.1.30 template


    create sticky
    set sticky personality "Apple Mac OS 7.1"
    set sticky default tcp action tarpit open
    set sticky default udp action block
    bind 192.168.1.31 sticky

    create zamani
    set zamani personality "Microplex Print Server"
    set zamani default tcp action block
    set zamani default udp action block
    set zamani default icmp action block
    add zamani tcp port 21 open
    add zamani tcp port 53 open
    bind 192.168.1.50 zamani

    create ali
    set ali personality "Novell Netware 5.x"
    set ali default tcp action block
    set ali default udp action block
    set ali default icmp action block
    add ali tcp port 11 open
    add ali tcp port 53 open
    bind 192.168.1.52 ali

    create ahmad
    set ahmad personality "Minix 32-bit/Intel 2.0.0"
    set ahmad default tcp action block
    set ahmad default udp action block
    set ahmad default icmp action block
    add ahmad tcp port 22 open
    add ahmad tcp port 80 open
    bind 192.168.1.53 ahmad

    create profile1
    set profile1 personality "Okidata 7200 Printer"
    set profile1 default tcp action block
    set profile1 default udp action block
    set profile1 default icmp action block
    add profile1 tcp port 23 open
    #
    bind 192.168.1.34 profile1

    create mona
    set mona personality "NEC UX/4800"
    set mona default tcp action block
    set mona default udp action block
    set mona default icmp action block
    add mona tcp port 22 open
    add mona tcp port 80 open
    bind 192.168.1.54 mona

    #dynamic honeynet(Time Based)
    dynamic magichost
    add magichost use template if time between 3:00pm - 3:01pm
    add magichost use zamani if time between 3:02pm - 3:03pm
    add magichost use profile1 if time between 3:04pm - 3:05pm
    add magichost use sticky if time between 3:06pm - 3:07pm
    add magichost otherwise use zamani
    bind 192.168.1.71 magichost


    #dynamic honeynet(Source Ip)
    dynamic magichost2
    add magichost2 use template if source ip = 192.168.1.78
    add magichost2 use zamani if source ip = 192.168.1.23
    add magichost2 use sticky if source ip = 192.168.1.10
    add magichost2 use mona if source ip = 192.168.1.65
    add magichost2 use ahmad if source ip = 192.168.1.55
    add magichost2 otherwise use zamani
    bind 192.168.1.70 magichost2


    #dynamic honeynet(Source OS)
    dynamic magichost3
    add magichost3 use template if source os = "sunos"
    add magichost3 use zamani if source os = "linux"
    add magichost3 use ahmad if source os = "windows"
    add magichost3 use mona if source os = "freebsd"
    add magichost3 use ali if source os = "openbsd"
    add magichost3 use profile1 if source os = "cisco"
    add magichost3 otherwise use sticky
    bind 192.168.1.69 magichost3


    #dynamic honeynet(Src os + src ip)
    dynamic magichost4
    add magichost4 use template if source os = "sunos"
    add magichost4 use zamani if source ip = 192.168.1.21
    add magichost4 use profile1 if source os = "linux"
    add magichost4 use ali if source ip = 192.168.1.22
    add magichost4 use ahmad if source os = "freebsd"
    add magichost4 use ali if source ip = 192.168.1.23
    add magichost4 use mona if source os = "windows"
    add magichost4 use zamani if source ip = 192.168.1.24
    add magichost4 use ali if source os = "freebsd"
    add magichost4 use ahmad if source ip = 192.168.1.25
    add magichost4 use ali if source os = "openbsd"
    add magichost4 use zamani if source ip = 192.168.1.26
    add magichost4 use profile1 if source os = "cisco"
    add magichost4 use zamani if source ip = 192.168.1.27
    add magichost4 otherwise use sticky
    bind 192.168.1.68 magichost4


    #dynamic honeynet(Src os + src ip)
    #second host with the same rules; renamed to magichost5 so the template name is not defined twice
    dynamic magichost5
    add magichost5 use template if source os = "sunos"
    add magichost5 use zamani if source ip = 192.168.1.21
    add magichost5 use profile1 if source os = "linux"
    add magichost5 use ali if source ip = 192.168.1.22
    add magichost5 use ahmad if source os = "freebsd"
    add magichost5 use ali if source ip = 192.168.1.23
    add magichost5 use mona if source os = "windows"
    add magichost5 use zamani if source ip = 192.168.1.24
    add magichost5 use ali if source os = "freebsd"
    add magichost5 use ahmad if source ip = 192.168.1.25
    add magichost5 use ali if source os = "openbsd"
    add magichost5 use zamani if source ip = 192.168.1.26
    add magichost5 use profile1 if source os = "cisco"
    add magichost5 use zamani if source ip = 192.168.1.27
    add magichost5 otherwise use sticky
    bind 192.168.1.67 magichost5

    Then run the command:
    honeyd -i eth0 -p nmap.prints -f config.ethernet -x xprobe2.conf -a nmap.assoc -O pf.os -g 99 -u 99 -l /var/log/honeyd 192.168.1.0/24

    Then watch the log with the command tail -f /var/log/honeyd
    To verify the rules, using unicornscan is recommended because it can inject SYN with 7 OS fingerprinting, so it is easy to create a rule/algorithm.

    The tools are already included in ... so it is easier: http://networksecuritytoolkit.org/nst/index.html
    You can design the algorithm yourself.
    Objectives:
    1. dynamic port scan change
    2. dynamic OS fingerprinting
    3. transparent access to the server by using a different method from the packet filter technique
    such as:
    source os---xp--openbsd--linux -aix
    source os + source ip
    time based + source os