Category: Network and Security

2008-06-05 16:11:13

1. Environment

1.1 OS

CentOS release 5 (Final), kernel 2.6.18-8.el5xen

1.2 Required libs

pcre-6.6-1.1
pcre-devel-6.6-1.1
libpcap-0.9.4-8.1
libpcap-devel-0.9.4-8.1
(shipped with the CentOS DVD)

libevent

./configure --prefix=/usr/local/libevent

libdnet

./configure --prefix=/usr/local/libdnet

Honeyd

2. Install honeyd

wget

tar xfvz honeyd-1.5c.tar.gz -C working

cd working/honeyd-1.5c

./configure --prefix=/usr/local/honeyd --with-libevent=/usr/local/libevent --with-libdnet=/usr/local/libdnet

make

make install

cp -r /src/working/honeyd-1.5c/scripts /usr/local/honeyd/

3. Configure honeyd

honeyd can emulate an entire network, but all I need here is a list of fake ports, so that the real services and the fake ones sit side by side and the real services are camouflaged among them. A single virtual host is therefore enough. The configuration is as follows:

create windows
set windows personality "Microsoft Windows NT 4.0 SP3"
set windows default tcp action reset
set windows default udp action reset

add windows tcp port 22 "/usr/local/honeyd/scripts/test.sh"
add windows tcp port 23 "/usr/local/honeyd/scripts/router-telnet.pl"
add windows tcp port 25 "/usr/local/honeyd/scripts/smtp.pl"
add windows tcp port 80 "/usr/local/honeyd/scripts/web.sh"
add windows tcp port 110 "/usr/local/honeyd/scripts/pop3.sh"
add windows tcp port 21 "/usr/local/honeyd/scripts/ftp.sh"

bind 192.168.0.110 windows

4. Start honeyd

/usr/local/honeyd/bin/honeyd -l /usr/local/honeyd/log/pack -s /usr/local/honeyd/log/service -p /usr/local/honeyd/share/honeyd/nmap.prints -u 500 -g 500 -f /usr/local/honeyd/share/honeyd/my.conf

At this point the fake host 192.168.0.110 is up and working. Some documents say arpd is needed to answer ARP requests, but I found it works without arpd enabled; I suspect this is because my fake host is on the same physical segment as the physical NIC. If it were not, arpd should be needed; I don't need it for now, so I haven't tested that. Compiling arpd, however, produced errors, and since I could not find a good fix I ended up installing an rpm instead.


5. Configure NAT

# DNAT belongs to the nat table; PREROUTING is not in the default filter table
iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m comment --comment "fake 21" -m tcp --dport 21 -j DNAT --to-destination 192.168.0.110:21

iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m comment --comment "fake 22" -m tcp --dport 22 -j DNAT --to-destination 192.168.0.110:22

iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m comment --comment "fake 23" -m tcp --dport 23 -j DNAT --to-destination 192.168.0.110:23
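The template in section 3 and the DNAT rules in section 5 describe the same port list twice, and they drift apart easily. The script below, an added example that is not from the original post, derives both from one table and refuses to redirect a port the real host is already serving, so a real service is never accidentally sent to the honeypot. The service table, the HONEY_IP/PUBLIC_IP defaults and the `listening` argument are assumptions; the script paths mirror the ones the post uses.

```shell
#!/bin/sh
# Generate a honeyd template and the matching iptables DNAT rules from one table.
# Assumed defaults (not from the post); override via environment if needed.
HONEY_IP="${HONEY_IP:-192.168.0.110}"       # address bound to the honeyd template
PUBLIC_IP="${PUBLIC_IP:-xxx.xxx.xxx.xxx}"   # placeholder for the real public address
SCRIPT_DIR="/usr/local/honeyd/scripts"

# Constructed service table, one "port script" pair per line.
SERVICES="21 ftp.sh
22 test.sh
23 router-telnet.pl
25 smtp.pl
80 web.sh
110 pop3.sh"

# Emit the honeyd template for a single fake host (same shape as section 3).
honeyd_config() {
    printf 'create windows\n'
    printf 'set windows personality "Microsoft Windows NT 4.0 SP3"\n'
    printf 'set windows default tcp action reset\n'
    printf 'set windows default udp action reset\n'
    printf '%s\n' "$SERVICES" | while read -r port script; do
        printf 'add windows tcp port %s "%s/%s"\n' "$port" "$SCRIPT_DIR" "$script"
    done
    printf 'bind %s windows\n' "$HONEY_IP"
}

# Emit one DNAT rule per fake port in the nat table (where PREROUTING lives).
# $1: space-separated ports the real host listens on; those are skipped so the
# honeypot never shadows a real service (e.g. pass "$(netstat -tln | ...)").
nat_rules() {
    listening="$1"
    printf '%s\n' "$SERVICES" | while read -r port script; do
        case " $listening " in
            *" $port "*)
                printf '# port %s is a real service, not redirected\n' "$port"
                continue ;;
        esac
        printf 'iptables -t nat -A PREROUTING -d %s -p tcp -m comment --comment "fake %s" -m tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$PUBLIC_IP" "$port" "$port" "$HONEY_IP" "$port"
    done
}

# Usage: honeyd_config > /usr/local/honeyd/share/honeyd/my.conf
#        nat_rules "22 80" | sh      (22 and 80 are real here, only the rest go to honeyd)
```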

6. See what you get.

telnet xxx.xxx.xxx.xxx   # the public IP address

User Access Verification

Username:

Right! Go ahead.

7. Installing arpd

wget

If iproute is installed, rpm complains that the package conflicts with iproute's arpd; rename /usr/sbin/arpd to get past that.

It then reports dependency errors:

warning: arpd-0.2-4.rh9.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
        libdnet.1 is needed by arpd-0.2-4.rh9.rf.i386
        libevent-1.3b.so.1 is needed by arpd-0.2-4.rh9.rf.i386
        libpcap.so.0.6.2 is needed by arpd-0.2-4.rh9.rf.i386

Ignore them and force the install with rpm -Uhv --nodeps. Running it then fails with:

/usr/sbin/arpd: error while loading shared libraries: libevent-1.3b.so.1: cannot open shared object file: No such file or directory

Download libevent-1.3b, build it, and copy the files from its lib directory into /usr/lib. The next run fails on libdnet:

/usr/sbin/arpd.honey: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
Copy the files from the lib directory of the libdnet built earlier into /usr/lib as well.

After that it runs.

The iproute package also ships an arpd; whether it does the same job as this one, I haven't looked into.
