Module 9: Honeypot System Lab
DESCRIPTION
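Module 9: Honeypot System Lab. Learning objective: use honeypot systems to find potential threats in the network. This module has four sections: (1) Introduction to honeypot systems (2) Introduction to honeypot tools (3) Honeypot systems in practice (4) Honeypot system project implementation. Module 9-1: Introduction to honeypot systems (*) Module 9-2: Introduction to honeypot tools (*) Module 9-3: Honeypot systems in practice (**) Module 9-4: Honeypot system project implementation (*). * Basic: foundational course material
TRANSCRIPT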
(Honeypot)
[ Honeypot]
honeypot honeypot honeypot
(Honeypot)
Honeyd honeypot IP Honeyd
IT honeypot honeypot honeypot :”honeypothoneypot ” Honeypot
Stealth Monitor
(Honeypot)
- KFSensor
Windows
http://www.keyfocus.net/kfsensor/
Windows KFSensor FTP SMB POP3 HTTP Telnet
SMTP SOCKS KFSensor
EventLog
KFSensor
Windows Linux
Honeyd Honeyd Honeyd
set default default tcp action open
set default default udp action open
set default default icmp action open
add default tcp port 80 "perl /opt/honeyd/scripts/windows/iis/iisemul8.pl"
add default tcp port 23 "perl /opt/honeyd/scripts/windows/cmdexe.pl"
add default tcp port 139 open
add default tcp port 137 open
add default udp port 137 open
add default udp port 135 open
Nmap
TCP UDP ICMP
iisemul8.pl cmdexe.pl
TCP 139, 137 Port
UDP 137, 135 Port
modules
Submission Modules: Disk
Nepenthes
http://nepenthes.carnivore.it
http://nepenthes.mwcollect.org
Nepenthes
XFOCUS Team
http://www.honeyd.org/uploads/honeyd-1.5c.tar.gz
Arpd: ARP requests IP arpd IP honeyd
http://www.honeynet.org.tw/images/stories/Honeypot_tools/honeyd_files/2_libevent-1.4.8-stable.tar.gz
ftp://fr.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/rrdtool-1.0.50-3.el5.rf.i386.rpm
Time-Series honeyd
A useful open source tool for storage and retrieval of time series data.
Honeyd
# yum -y install kernel-headers kernel kernel-devel
# yum -y install gcc glibc glibc-devel gcc-c++ flex bison byacc zlib-devel
root
2.eth1eth4
IP (10.1.1.7) honeyd ARP spoofing IP, nmap honeyd mac IP
# yum -y update
# yum -y install subversion automake libtool flex bison gcc gcc-c++ curl curl-devel pcre pcre-devel adns adns-devel file libpcap libpcap-devel iptables-devel
# cd /root
# cp /share/isc/Module09/nepenthes-0.2.2.tar.gz .
http://www.studa.net/network/080430/10052753.html