PowerPoint

HoneynetRouter honeypot ping 100%Router(2.1) ping honeypot(2.2)

2013/3/64Eth0DHCPIPIP?

192.168.2.1192.168.2.2R01wall0pot021vlan2vlan11192.168.2.1192.168.2.2R01wall2pot001vlan2vlan11

2013/3/66CSEPCain&AbelPublic IP()VED10.0.0.2IPSikuliVirtual BoxDETER Lab(DETERCSEPCSEPCSEP)2013/3/63honeypot(2.2) ping Router(2.1)

2013/3/65

Socket

2013/3/677Clickjacking3/5 11:20 p.m.clonevm-create 83 45ca2e8d-1011-4b0a-8a68-0f1dedbf3940connect: No route to host

3/5 11:38 p.m.shutdownvm-shutdown 3a3671e5-8ee8-2f87-89eb-1cd1842ce50dconnect: No route to host

2013/3/68Clickjacking

2013/3/69ClickjackingVictim

2013/3/610Clickjacking

2013/3/611Clickjacking

2013/3/612Clickjacking80%

2013/3/613Cain&Abel

Heap based overflow

Honeynet

Man-in-the-middle attack2013/3/614GUICheck PointWin 7API

Format StringScanningHoneynet

2013/3/615CSS 2013/3/6

162013/3/6TraineeSAMEVEDAPI ServerDBvagentclient1. expCreate(SQL)2. SQLtemp_id?3. temp_id = 804-1. vm-clone 80clone4-2. 0 uuid180TempID: 55100ADECSSvagentservervmcontrollerXENCSEPVM (not yet bootup)5-3. 0 140.115.14.805-1. vm-bootup uuid15-2. csep6-1. reverse tunnelrun6-2. IP 140.115.10.97Port 652087. VM (bootup)172013/3/6TraineeSAMEVEDAPI ServerDBvagentclient1. expCreate(SQL)2. SQLtemp_id?3. temp_id = 804-1. vm-clone 80clone4-2. 0 uuid180TempID: 55100ADECSSvagentservervmcontrollerXENCSEPVM (not yet bootup)5-3. 0 140.115.14.805-1. vm-bootup uuid15-2. csep6-1. reverse tunnelrun6-2. IP 140.115.10.97Port 652087. VM (bootup)

18