Tools/honeyd

From C4 Wiki
Revision as of 21:28, 23 April 2005 by Mario Manno (talk | contribs)

Example for honeyd.conf

### Microsoft Windows 2003 Server
create windows-2003
set windows-2003 personality "Microsoft Windows 2003 Server"
add windows-2003 tcp port 80 "perl /usr/share/iisemulator/iisemul8.pl"
add windows-2003 tcp port 139 open
add windows-2003 tcp port 137 open
add windows-2003 udp port 137 open
add windows-2003 udp port 135 open
set windows-2003 default tcp action reset
set windows-2003 uid 32767 gid 32767
set windows-2003 uptime 1271650

### Linux 2.4.20 computer
create linux-2.4.20
set linux-2.4.20 personality "Linux 2.4.20 (Red Hat)"
set linux-2.4.20 default tcp action reset
set linux-2.4.20 default udp action reset
add linux-2.4.20 tcp port 21 "sh scripts/ftp.sh"
add linux-2.4.20 tcp port 25 "sh scripts/smtp.sh"
add linux-2.4.20 tcp port 80 proxy 192.168.23.100:80
add linux-2.4.20 tcp port 110 "sh scripts/emulate-pop3.sh"
set linux-2.4.20 uptime 3284460

### Panasonic DP-3520 multi-function printer
create printer
set printer personality "Panasonic DP-3520 multi-function printer"
set printer default tcp action reset
set printer default udp action reset
add printer tcp port 21 open
add printer tcp port 23 open
set printer uptime 284460

### tarpit connections to slow down spammers & automated malware
create sticky 
set sticky personality "Microsoft Windows 2003 Server" 
set sticky default tcp action tarpit open 
set sticky default udp action block 

bind 192.168.23.2 windows-2003
bind 192.168.23.4 linux-2.4.20
bind 192.168.23.5 linux-2.4.20
bind 192.168.23.6 windows-2003
bind 192.168.23.9 printer
bind 192.168.23.13 linux-2.4.20
bind 192.168.23.15 linux-2.4.20
bind 192.168.23.42 sticky
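
A template name that differs between its `create` line and a later `set`, `add` or `bind` line is easy to miss in a file like this one. The following check is an added example, not part of the original wiki page or of honeyd itself; it covers only the `create`, `set`, `add` and plain `bind <address> <template>` lines used above, and it assumes a template has to be created before the lines that use it. The function name and the sample configuration are constructed for illustration.

```python
# Constructed sample in the style of the config above. "linux-2.4.27" is a
# deliberate typo for the template created as "linux-2.4.20", the address
# 192.168.23.42 is bound twice, and "printer" is never created.
SAMPLE_CONF = """\
### Linux 2.4.20 computer
create linux-2.4.20
set linux-2.4.20 personality "Linux 2.4.20 (Red Hat)"
add linux-2.4.20 tcp port 21 "sh scripts/ftp.sh"
add linux-2.4.27 tcp port 25 "sh scripts/smtp.sh"
create sticky
set sticky default tcp action tarpit open
bind 192.168.23.4 linux-2.4.20
bind 192.168.23.42 sticky
bind 192.168.23.42 linux-2.4.20
bind 192.168.23.9 printer
"""


def lint_honeyd_conf(text):
    """Return a list of (line_number, message) findings for a honeyd.conf text."""
    created = set()   # template names seen in "create" lines so far
    bound = {}        # address -> line number of its first "bind"
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        keyword = tokens[0]
        if keyword == "create" and len(tokens) >= 2:
            created.add(tokens[1])
            continue
        if keyword in ("set", "add") and len(tokens) >= 2:
            template = tokens[1]
        elif keyword == "bind" and len(tokens) == 3:
            address, template = tokens[1], tokens[2]
            if address in bound:
                findings.append(
                    (lineno, f"{address} already bound on line {bound[address]}"))
            bound.setdefault(address, lineno)
        else:
            continue  # route lines and other directives are out of scope here
        if template not in created:
            findings.append((lineno, f"template '{template}' has no earlier create"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_honeyd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

Running it against a configuration before starting honeyd shows which addresses would be served by a template other than the intended one.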

Simulating routing topologies

  • Configure the entry point: route entry <IP address> [network <network reachable>]
route entry 10.0.0.100 network 10.0.0.0/16
  • Declare a directly reachable network
route 10.0.0.100 link 10.0.1.0/24
  • Add a network behind the specified gateway, which becomes a new router: route <entry point> add net <network in CIDR> <gateway>
route 10.0.0.100 add net 10.1.0.0/16 10.0.1.100
  • Link characteristics such as "latency 50ms loss 0.1 bandwidth 1Mbps" can be added to a route