Honeypots mailing list archives
Re: tiny honeypot configuration
From: George Bakos <gbakos () ists dartmouth edu>
Date: Mon, 23 Jun 2003 18:18:57 -0400
On Mon, 23 Jun 2003 11:54:04 -0300 "Daniel Almendra" <danielalmendra () terra com br> wrote:
Hi! I am trying to configure Tiny Honeypot in my house, but I just can't figure out what I'm doing wrong. It just doesn't seem to work! Can someone tell me a way to configure the iptables.rules file and thp.conf file?
The defaults work for most end-user systems. Is there a particular setting that you would like to change and need help with?
How can I test if the honeypot is working fine?
From a different system, you can point a web browser to it and you should
see a default web page. Additionally, you can, as root, run "logthis" with the name of a target responder as a commandline switch. Here's an example test session: [root@www root]# /usr/local/thp/logthis ftp 220 localhost.localdomain FTP server (Version wu-2.6.1-16) ready. user foo 331 Password required for foo pass bar 230 User foo logged in. pwd 257 "/" is current directory. pasv 227 Entering Passive Mode (208,253,154,2,131,165) stor foobar.tgz 150 Opening BINARY mode data connection. 226 Transfer complete. quit 221-You have transferred 0 bytes in 0 files. 221-Total traffic for this session was 2164 bytes in 0 transfers. 221 Thank you for using the FTP service on localhost.localdomain.
Can someone tell me one exploit that can be fooled by thp?
many rpc service buffer overflows such as statdx and dtspcd 7350wurm (wu-ftpd) idiot coattailers scanning for ports 23, 1524, 39168, 60008, etc. With a few lines of Perl, I've thrown together additional responder modules to catch: sqlsnake spybot sub7 kuang2thevirus If you would like some example logs, I'd be happy to share.
Thanks a lot for your attention. I'll appreciate if someone gives me an answer...
If you are still having troubles, I'd be happy to have a look at your configs off-list.
Daniel Almendra
-- George Bakos Institute for Security Technology Studies - IRIA Dartmouth College gbakos () ists dartmouth edu 603.646.0665 -voice 603.646.0666 -fax
Current thread:
- tiny honeypot configuration Daniel Almendra (Jun 23)
- Re: tiny honeypot configuration George Bakos (Jun 23)
- RE: tiny honeypot configuration Gorgon Beast (Jun 23)