从僵尸网络追踪到入侵检测 第4章 Honeyd动态模板防御扫描软件攻击二
2016-01-11 12:44
Honeyd动态模板防御扫描软件攻击二(注意:红色字的补充)
环境准备
1、防御系统RHEL 6.4 IP 10.10.10.132
2、攻击系统windows 2008R2 ip 10.10.10.134
3、扫描工具:SuperScan 4.0
步骤
1、动态模板配置
root@strom-virtual-machine:~# cat /etc/test.config
##-- Honeyd template set for this lab (/etc/test.config).
##-- Port actions: "block" discards the probe without any reply, "reset" answers TCP
##-- with RST, "open" lets the port respond. Only explicitly added ports are open.
##-- Catch-all template: TCP, UDP and ICMP are all silently dropped.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
##-- Identical behaviour to "default"; used below so the attack host gets no
##-- answer at all from the magichost decoy.
create invisible
set invisible default tcp action block
set invisible default udp action block
set invisible default icmp action block
##-- Decoy fingerprinting as Linux 2.4.20 (name taken from the fingerprint
##-- database), FTP (21) and HTTP (80) open, every other TCP port answers RST.
create linux
set linux personality "Linux 2.4.20"
set linux ethernet "dell"
set linux default tcp action reset
add linux tcp port 21 open
add linux tcp port 80 open
##-- Each "dhcp ... on eth0" template obtains its own lease; the run log shows
##-- four DHCP offers (10.10.10.213-216), one per template bound this way.
dhcp linux on eth0
##-- Decoy fingerprinting as Windows NT 4.0 SP3 with 80, 25 and 21 open.
create windows
set windows personality "Microsoft Windows NT 4.0 SP3"
set windows ethernet "dell"
set windows default tcp action reset
add windows tcp port 80 open
add windows tcp port 25 open
add windows tcp port 21 open
dhcp windows on eth0
##-- Dynamic templates: the "add ... use ... if" rules below select which concrete
##-- template answers, based on where the probe comes from.
dynamic magichost
##-- Personality name comes from the fingerprint database; here a FreeBSD 4.6 host.
##-- NOTE(review): the sub-templates chosen below (invisible, linux) carry their own
##-- settings, so what a given prober observes depends on the rule that matches - confirm.
set magichost personality "FreeBSD 4.6"
##-- Emulated NIC vendor. In the run log the three "dell" templates receive
##-- 00:c0:4f:... addresses and the "Microsoft" one 00:50:f2:...
set magichost ethernet "dell"
##-- The attack host (10.10.10.134 in the lab setup) is steered to "invisible",
##-- so its scans of this decoy see nothing.
add magichost use invisible if source ip = 10.10.10.134
##-- Every other source is handled by the "linux" template (not "default").
add magichost otherwise use linux
dhcp magichost on eth0
##-- Second dynamic template, selected by the prober's passively fingerprinted OS.
dynamic wormhost
##-- No personality is set for this template; only the MAC vendor is chosen.
set wormhost ethernet "Microsoft"
add wormhost use windows if source os = "windows"
##-- NOTE(review): linux sources are also sent to the "windows" template; if a
##-- separate decoy for linux scanners was intended this should read "use linux".
add wormhost use windows if source os = "linux"
##-- Anything not fingerprinted as windows/linux falls through to "default" (dropped).
add wormhost otherwise use default
dhcp wormhost on eth0
2、运行Honeyd服务
root@strom-virtual-machine:~# honeyd -d -f /etc/test.config
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[2829]: started with -d -f /etc/test.config
honeyd[2829]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:57:d2:b4
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: Demoting process privileges to uid 65534, gid 65534
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.213
honeyd[2829]: Updating ARP binding: 00:c0:4f:fc:72:02 -> 10.10.10.213
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.214
honeyd[2829]: Updating ARP binding: 00:c0:4f:c5:97:52 -> 10.10.10.214
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.215
honeyd[2829]: Updating ARP binding: 00:c0:4f:0e:9b:11 -> 10.10.10.215
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.216
honeyd[2829]: Updating ARP binding: 00:50:f2:97:4e:16 -> 10.10.10.216
honeyd[2829]: arp reply 10.10.10.216 is-at 00:50:f2:97:4e:16
3、攻击系统Windows 2008 R2 使用扫描工具扫描honeyd防御系统虚拟出来的IP
4、查看honeyd防御系统的信息
环境准备
1、防御系统RHEL 6.4 IP 10.10.10.132
2、攻击系统windows 2008R2 ip 10.10.10.134
3、扫描工具:SuperScan 4.0
步骤
1、动态模板配置
root@strom-virtual-machine:~# cat /etc/test.config
##-- Honeyd template set for this lab (/etc/test.config).
##-- Port actions: "block" discards the probe without any reply, "reset" answers TCP
##-- with RST, "open" lets the port respond. Only explicitly added ports are open.
##-- Catch-all template: TCP, UDP and ICMP are all silently dropped.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
##-- Identical behaviour to "default"; used below so the attack host gets no
##-- answer at all from the magichost decoy.
create invisible
set invisible default tcp action block
set invisible default udp action block
set invisible default icmp action block
##-- Decoy fingerprinting as Linux 2.4.20 (name taken from the fingerprint
##-- database), FTP (21) and HTTP (80) open, every other TCP port answers RST.
create linux
set linux personality "Linux 2.4.20"
set linux ethernet "dell"
set linux default tcp action reset
add linux tcp port 21 open
add linux tcp port 80 open
##-- Each "dhcp ... on eth0" template obtains its own lease; the run log shows
##-- four DHCP offers (10.10.10.213-216), one per template bound this way.
dhcp linux on eth0
##-- Decoy fingerprinting as Windows NT 4.0 SP3 with 80, 25 and 21 open.
create windows
set windows personality "Microsoft Windows NT 4.0 SP3"
set windows ethernet "dell"
set windows default tcp action reset
add windows tcp port 80 open
add windows tcp port 25 open
add windows tcp port 21 open
dhcp windows on eth0
##-- Dynamic templates: the "add ... use ... if" rules below select which concrete
##-- template answers, based on where the probe comes from.
dynamic magichost
##-- Personality name comes from the fingerprint database; here a FreeBSD 4.6 host.
##-- NOTE(review): the sub-templates chosen below (invisible, linux) carry their own
##-- settings, so what a given prober observes depends on the rule that matches - confirm.
set magichost personality "FreeBSD 4.6"
##-- Emulated NIC vendor. In the run log the three "dell" templates receive
##-- 00:c0:4f:... addresses and the "Microsoft" one 00:50:f2:...
set magichost ethernet "dell"
##-- The attack host (10.10.10.134 in the lab setup) is steered to "invisible",
##-- so its scans of this decoy see nothing.
add magichost use invisible if source ip = 10.10.10.134
##-- Every other source is handled by the "linux" template (not "default").
add magichost otherwise use linux
dhcp magichost on eth0
##-- Second dynamic template, selected by the prober's passively fingerprinted OS.
dynamic wormhost
##-- No personality is set for this template; only the MAC vendor is chosen.
set wormhost ethernet "Microsoft"
add wormhost use windows if source os = "windows"
##-- NOTE(review): linux sources are also sent to the "windows" template; if a
##-- separate decoy for linux scanners was intended this should read "use linux".
add wormhost use windows if source os = "linux"
##-- Anything not fingerprinted as windows/linux falls through to "default" (dropped).
add wormhost otherwise use default
dhcp wormhost on eth0
2、运行Honeyd服务
root@strom-virtual-machine:~# honeyd -d -f /etc/test.config
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[2829]: started with -d -f /etc/test.config
honeyd[2829]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:57:d2:b4
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: [eth0] trying DHCP
honeyd[2829]: Demoting process privileges to uid 65534, gid 65534
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.213
honeyd[2829]: Updating ARP binding: 00:c0:4f:fc:72:02 -> 10.10.10.213
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.214
honeyd[2829]: Updating ARP binding: 00:c0:4f:c5:97:52 -> 10.10.10.214
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.215
honeyd[2829]: Updating ARP binding: 00:c0:4f:0e:9b:11 -> 10.10.10.215
honeyd[2829]: [eth0] got DHCP offer: 10.10.10.216
honeyd[2829]: Updating ARP binding: 00:50:f2:97:4e:16 -> 10.10.10.216
honeyd[2829]: arp reply 10.10.10.216 is-at 00:50:f2:97:4e:16
3、攻击系统Windows 2008 R2 使用扫描工具扫描honeyd防御系统虚拟出来的IP
4、查看honeyd防御系统的信息