Using the IIS Emulator with Honeyd
====================================

Install the latest versions of libevent, libdnet, and libpcap:

    http://www.monkey.org/~provos/libevent/
    http://libdnet.sourceforge.net/
    http://www.tcpdump.org/

Install the latest versions of honeyd and arpd:

    http://www.citi.umich.edu/u/provos/honeyd/

If you have problems compiling the latest snapshot, fall back to honeyd-0.2.
If the compile fails with this error:

    Makefile.am: CFLAGS must be set with `=' before using `+='
    make: *** [Makefile.in] Error 1

Set the CFLAGS environment variable to a blank string and run make again:

    $ export CFLAGS="" && make

To configure a fake IIS server running on port 80 with IP 10.1.1.1:

1. Start arpd and let it answer ARP requests for that address:

    # arpd 10.1.1.1/32
    arpd[19057]: listening on eth0: arp and dst net 10.1.1.1/32 and not ether src xx:xx:xx:xx:xx:xx

2. Edit the honeyd.conf file in the docs directory of this package:

    # cat docs/honeyd.conf
    annotate "MS Windows2000 Professional RC1/W2K Advance Server Beta3" fragment old
    create template
    set template personality "MS Windows2000 Professional RC1/W2K Advance Server Beta3"
    add template tcp port 80 "perl iisemul8.pl"
    set template default tcp action reset
    set template uid 32767 gid 32767
    bind 10.1.1.1 template
    set 10.1.1.1 uptime 1327650

   (Change the IP, uptime, and uid/gid as you like.)

3. Start honeyd (assuming honeyd was extracted in ../honeyd):

    # honeyd -d -p ../honeyd/nmap.prints -f docs/honeyd.conf 10.1.1.1/32
    honeyd[19068]: listening on eth0: (tcp or icmp or udp) and dst net 10.1.1.1/32 and not ether src xx:xx:xx:xx:xx:xx

4. From ANOTHER system, attempt to portscan/browse/ping 10.1.1.1 ;)
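
An added example, not part of the original README or of honeyd: a small Python check to run after changing the IP or uid/gid in step 2. It parses the honeyd.conf directives shown above and flags a service script running with uid/gid 0 or without a uid/gid line, a default TCP action other than reset or block, and a bind address outside the network given to arpd and honeyd. The function name, the findings policy, and the list of built-in actions are assumptions of this example.

```python
import ipaddress
import shlex

# The honeyd.conf from this page, embedded so the example runs offline.
PAGE_CONF = '''
annotate "MS Windows2000 Professional RC1/W2K Advance Server Beta3" fragment old
create template
set template personality "MS Windows2000 Professional RC1/W2K Advance Server Beta3"
add template tcp port 80 "perl iisemul8.pl"
set template default tcp action reset
set template uid 32767 gid 32767
bind 10.1.1.1 template
set 10.1.1.1 uptime 1327650
'''
# Assumption of this example: any port action not listed here is an external script.
BUILTIN_ACTIONS = {"open", "block", "reset", "proxy"}

def lint_honeyd_conf(text, answered_net):
    """Return findings; answered_net is the network passed to arpd and honeyd."""
    net = ipaddress.ip_network(answered_net)
    templates, binds, findings = {}, [], []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # keeps quoted strings as one token
        if tok[:1] == ["create"] and len(tok) == 2:
            templates[tok[1]] = {"scripts": [], "ids": None, "default_tcp": None}
        elif tok[:1] == ["add"] and len(tok) >= 6 and tok[1] in templates:
            action = tok[5].split()[:1]
            if action and action[0] not in BUILTIN_ACTIONS:
                templates[tok[1]]["scripts"].append(f"{tok[2]}/{tok[4]}")
        elif tok[:1] == ["set"] and len(tok) >= 6 and tok[1] in templates:
            if tok[2:5] == ["default", "tcp", "action"]:
                templates[tok[1]]["default_tcp"] = tok[5]
            elif tok[2] == "uid" and tok[4] == "gid":
                templates[tok[1]]["ids"] = (int(tok[3]), int(tok[5]))
        elif tok[:1] == ["bind"] and len(tok) == 3:
            binds.append((tok[1], tok[2]))
    for name, t in templates.items():
        if t["scripts"] and t["ids"] is None:
            findings.append(f"{name}: scripts on {t['scripts']} but no uid/gid line")
        elif t["scripts"] and 0 in t["ids"]:
            findings.append(f"{name}: scripts on {t['scripts']} run with uid/gid 0")
        if t["default_tcp"] not in ("reset", "block"):
            findings.append(f"{name}: default tcp action is {t['default_tcp']!r}, expected reset or block")
    for ip, name in binds:
        if ipaddress.ip_address(ip) not in net:
            findings.append(f"bind {ip}: outside {net}, arpd/honeyd will not answer for it")
    return findings

print(lint_honeyd_conf(PAGE_CONF, "10.1.1.1/32"))  # → []
```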