honeyd可以同时模仿上千个不同的计算机

官网

honeyd-1.5c.tar.gz:http://www.honeyd.org

依赖包

libevent-1.3a.tar.gz:http://libevent.org/

libdnet-1.11.tar.gz:http://libdnet.sourceforge.net/

libpcap:http://www.tcpdump.org/release/

arpd-0.2.tar.gz:http://www.citi.umich.edu/u/provos/honeyd/arpd-0.2.tar.gz

安装

出现如下错误:

# cd arpd

# make

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -I/usr/local/include

-I/usr/local/include -c arpd.c

arpd.c: In function ‘arpd_send’:

arpd.c:268: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_lookup’:

arpd.c:285: error: expected ‘)’ before string constant

arpd.c:294: error: expected ‘)’ before string constant

arpd.c:297: error: expected ‘)’ before string constant

arpd.c: In function ‘arpd_recv_cb’:

arpd.c:426: error: expected ‘)’ before string constant

make: *** [arpd.o] Error 1

解决办法:

//在arpd.c文件中添加

#define __FUNCTION__ ""

出现如下错误:

# cd honeyd-1.5c

# ./configure

configure: error: need either libedit or libreadline; install one of them

解决办法:

# apt-get install libedit-dev

帮助

# honeyd -h

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

Usage: honeyd [OPTIONS] [net ...]

where options include:

  -d                     Do not daemonize, be verbose.

  -P                     Enable polling mode.

  -l logfile             Log packets and connections to logfile.

  -s logfile             Logs service status output to logfile.

  -i interface           Listen on interface.

  -p file                Read nmap-style fingerprints from file.

  -x file                Read xprobe-style fingerprints from file.

  -a assocfile           Read nmap-xprobe associations from file.

  -0 osfingerprints      Read pf-style OS fingerprints from file.

  -u uid                  Set the uid Honeyd should run as.

  -g gid                  Set the gid Honeyd should run as.

  -f configfile          Read configuration from file.

  -c host:port:name:pass Reports starts to collector.

  --webserver-address=address Address on which webserver listens.

  --webserver-port=port  Port on which webserver listens.

  --webserver-root=path  Root of document tree.

  --fix-webserver-permissions Change ownership and permissions.

  --rrdtool-path=path    Path to rrdtool.

  --disable-webserver    Disables internal webserver

  --disable-update       Disables checking for security fixes.

  --verify-config        Verify configuration file then exit.

  -V, --version          Print program version and exit.

  -h, --help             Print this message and exit.

For plugin development:

  --include-dir          Prints out header files directory and exits.

  --data-dir             Prints out data/plug-in directory and exits.

默认配置文件

# cat /etc/honeypot/honeyd.conf 

route entry 10.0.0.1

route 10.0.0.1 link 10.2.0.0/24

route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps

route 10.3.0.1 link 10.3.0.0/24

route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5

route 10.3.1.1 link 10.3.1.0/24

# Example of a simple host template and its binding

create template

set template personality "Microsoft Windows XP Professional SP1"

set template uptime 1728650

set template maxfds 35

# For a complex IIS server

add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"

add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"

add template tcp port 23 proxy $ipsrc:23

add template udp port 53 proxy 141.211.92.141:53

set template default tcp action reset

# Use this if you are not running honeyd as 'honeyd' user:

# Debian-specific (use nobody = 65534 instead of 32767)

# set template uid 65534 gid 65534

create default

set default default tcp action block

set default default udp action block

set default default icmp action block

create router

set router personality "Cisco 1601R router running IOS 12.1(5)"

set router default tcp action reset

add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"

add router tcp port 23 "/usr/share/honeyd/scripts/router-telnet.pl"

bind 10.3.0.1 router

bind 10.3.1.1 router

bind 10.3.1.12 template

bind 10.3.1.11 template

bind 10.3.1.10 template

set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"

set 10.3.1.10 personality "IBM AIX 4.2"

举例

编写一个telnet连接时,使用脚本应答

# vi test.sh

echo SSH-1.5-2.40

while read name

do

    echo "$name"

done

编写一个honeyd启动时,加载的配置

#vi config.sample

create linux    //创建模板名称

set linux personality "Linux 2.4.20"    //设置指纹名称

set linux default tcp action reset 

add linux tcp port 21 open      //打开21端口

add linux tcp port 23 "/home/scripts/test.sh"

bind 192.168.254.131 linux      //为虚拟主机绑定ip

启动arpd

虚拟出ip地址

# arpd 192.168.254.131

arpd[417]: listening on eth4: arp and (dst 192.168.254.131) and not ether src 00:0c:29:b9:5d:31

启动honeyd

# honeyd -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos

honeyd[373]: started with -d -f /usr/local/share/honeyd/config.sample 192.168.254.131

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

启动telnet测试

# telnet 192.168.254.131

Trying 192.168.254.131...

Connected to 192.168.254.131.

Escape character is '^]'.

SSH-1.5-2.40

dir

dir

测试成功

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and

dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31

honeyd[373]: Demoting process privileges to uid 65534, gid 65534

honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)

honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <->

/home/scripts/test.sh

其他命令

为蜜罐动态分配ip

set xxx ethernet "dell"

dhcp xxx on eth1

创建动态模版

dynamic xxx

honeyd使用的更多相关文章

  1. honeyd蜜罐配置和web监听脚本

    Honeyd的安装和配置 Honeyd软件依赖于下面几个库及arpd工具: (1)Libevent:是一个非同步事件通知的函数库. 通过使用 libevent,开发者能够设定某些事件发生时所运行的函数 ...

  2. honeyd路由拓扑

    create router //创建路由器模版 set router personality "Cisco 7206 running IOS 11.1(24)" //指纹 add ...

  3. 虚拟蜜罐honeyd安装使用

    转https://blog.csdn.net/jack237/article/details/6828771

  4. centos6-honeyd安装&配置

    安装 需要装 libpcap libevent libdnet 等(!) 有些用的yum,有些下载的安装包手动安装 (wget tar configure make install 非常linux) ...

  5. The Honeynet ProjectThe Honeynet Project

    catalogue . 蜜罐基本概念 . Kippo: SSH低交互蜜罐安装.使用 . Dionaea: 低交互式蜜罐框架部署 . Thug . Amun malware honeypots . Gl ...

  6. 11. IDS (Intrusion detection systems 入侵检测系统 6个)

    Snort该网络入侵检测和防御系统擅长于IP网络上的流量分析和数据包记录. 通过协议分析,内容研究和各种预处理器,Snort可以检测到数千个蠕虫,漏洞利用尝试,端口扫描和其他可疑行为. Snort使用 ...

  7. The Best Hacking Tools

    The Best Hacking Tools Hacking Tools : List of security tools specifically aimed toward security pro ...

  8. 【传智播客】Libevent学习笔记(一):简介和安装

    目录 00. 目录 01. libevent简介 02. Libevent的好处 03. Libevent的安装和测试 04. Libevent成功案例 00. 目录 @ 01. libevent简介 ...

  9. honeydctl命令

    # honeydctl Honeyd 1.5c Management Console Copyright (c) 2004 Niels Provos. All rights reserved. See ...

随机推荐

  1. 图解 https 单向认证和双向认证!

    来源: 一.Http HyperText Transfer Protocol,超文本传输协议,是互联网上使用最广泛的一种协议,所有WWW文件必须遵循的标准.HTTP协议传输的数据都是未加密的,也就是明 ...

  2. Git采坑与问题排查

    目录 Case1:代码库中存大文件 Case1:代码库中存大文件 背景 有这种情况,项目运行需要依赖一个文件(比如需要读一个文件中的数据),那么最直接的方式就是将该文件添加到代码中的分支中,然后将分支 ...

  3. Maven多模块工程打包指定模块工程方法

    Maven多模块工程打包指定模块工程执行如下命令: mvn clean package -pl  指定模块工程名 -am 参数说明: -am --also-make 同时构建所列模块的依赖模块:-am ...

  4. LODOP表格水平居中3(宽度为百分比)

    如果一个表格在css样式等中设置了固定的宽度,想要实现表格在纸张中水平居中,可根据固定的宽度设置合适的左边距,如果打印项内容在打印项宽度中居中,可以设置打印项在纸张中居中.方法1:宽度固定,纸张大小固 ...

  5. npm package

    lodash JavaScript 实用工具库,提供一致性,模块化,性能和配件等功能 用npm-run自动化任务 Express 4.x API 中文手册 Handlebars.js 模板引擎 使用n ...

  6. 使用tomcat7-maven-plugin

    2019-01-0714:16:44 功能: (使用maven中的tomcat插件,就可以将tomcat集成到项目中,效果就是:在不同平台中无需配置tomcat就可以直接运行web) 地址: tomc ...

  7. 处理登录时,AJAX的状态码无权限情况

    $.ajaxSetup({ complete: function(XMLHttpRequest, textStatus) { }, error:function(jqXHR,textStatus,er ...

  8. [转帖]亚马逊发布自主64核心ARM处理器:单核性能远超铂金至强

    亚马逊发布自主64核心ARM处理器:单核性能远超铂金至强 https://news.mydrivers.com/1/660/660383.htm 不知道真假 看样子比华为的鲲鹏920 要牛B . 亚马 ...

  9. AntDesign vue学习笔记(一)初始化项目

    最近学习AntDesign组件使用,官方Pro例子集成度太高,不容易学习,将从最基础组件一个一个搭建. 1.创建Vue Cli项目 2.引入ant design组件 $ cnpm i --save a ...

  10. C++和c语言的区别

    在大家眼中c++与C语言很像,但两个有本质的区别,C语言是面向过程的,而C++是面向对象的,下面就给大家梳理梳理. 1.C语言有标准的函数库,它们松散的,只是把功能相同的函数放在一个头文件中:而C++ ...