Honeypots mailing list archives
Re: Project: Multiple service-instances on single h-pot
From: Daniel Roth <d00roth () dtek chalmers se>
Date: Mon, 22 Sep 2003 23:47:29 +0200 (MEST)
On Mon, 22 Sep 2003, oudot wrote:
> Daniel Roth wrote:
>> Hi! Just have some quite brief questions on a project that I and 8 of my friends (all taking a masters degree in computer science) have been ordered to do. The project in itself is rather complex, but one of the parts involves setting up a honeypot in this way. It is supposed to answer traffic directed to a computer on its inside LAN on ports that aren't open on the particular computer. Furthermore, it shall start up multiple instances of services to different IPs trying to connect to different computers inside. So if an attacker A tries to connect to a ssh service on computer A (which hasn't got any ssh-service) in our LAN the honeypot shall answer with starting up a ssh-service to fool this attacker.
>
> just to try to help (architecture ideas) : you could use honeyd and (nat+)port redirection : everything coming to your port 22 on host A is sent to honeyd port 22 (kind of farm of honeypots) [see redirection port and nat rules with your favorite firewall] perhaps that one or more diagrams could help to really understand (or/and explain) your problem if needed.

Well, the thing is, this is an already functional network with "sharp" IPs on the inside. For normal traffic, the honeypot shall be transparent. I don't think there will be any major differences to the tips you gave, just other fw-configuration.

>> Another ssh-service shall be started if attacker B tries the same to another computer on the LAN. But attacker C shall get access to the same ssh-service as attacker A if he tries to connect to computer A. Hard to describe, hope you all got it.
>
> huh ? i think that honeyd should be able to handle that
>
>> On top of that, ftp/telnet/webserver etc shall be simulated the same. Comments about how this could be implemented / architected are more than welcome. What about the performance of this "honeypot"? Anyone tried this before and have any tips? How flexible is the honeyd written today, is it possible to rewrite it to fit our needs? Are there other and better honeypot-daemons?
>
> according to me : no :-) have fun, laurent

daniel

--
Daniel Roth +46 (0) 7 36 36 29 46
d00roth () dtek chalmers se
http://myriad.csbnet.se/jordenrunt/
--
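The instance sharing described in this message (attackers A and C reach the same decoy for computer A, attacker B gets a separate one, normal traffic is left alone), as an added example that is not part of the original thread and is not honeyd code. It assumes a Linux gateway whose firewall redirects the unanswered ports to one honeypot process; `DecoyRegistry`, `route` and all addresses are hypothetical.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter sockopt (linux/netfilter_ipv4.h)

def parse_original_dst(raw):
    """Decode the sockaddr_in that SO_ORIGINAL_DST returns into (ip, port)."""
    (port,) = struct.unpack_from("!H", raw, 2)   # sin_port, network byte order
    return socket.inet_ntoa(raw[4:8]), port      # sin_addr follows the port

def original_dst(conn):
    """Ask the kernel which LAN host:port a redirected connection was aimed at."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

class DecoyRegistry:
    """One decoy instance per (target host, port), shared by every source."""

    def __init__(self, real_services):
        self.real_services = real_services   # {lan_ip: {ports really open}}
        self.instances = {}                  # (dst_ip, dst_port) -> instance

    def route(self, src_ip, dst_ip, dst_port):
        # Traffic to a service the host really runs is not the honeypot's business.
        if dst_port in self.real_services.get(dst_ip, set()):
            return None
        key = (dst_ip, dst_port)
        if key not in self.instances:
            self.instances[key] = {"id": len(self.instances) + 1,
                                   "target": key, "clients": []}
        self.instances[key]["clients"].append(src_ip)
        return self.instances[key]

def demo():
    # Constructed sample: documentation-range addresses, not from the thread.
    reg = DecoyRegistry({"192.0.2.10": {80}, "192.0.2.11": {80}})
    a = reg.route("198.51.100.1", "192.0.2.10", 22)     # attacker A -> computer A
    b = reg.route("198.51.100.2", "192.0.2.11", 22)     # attacker B -> computer B
    c = reg.route("198.51.100.3", "192.0.2.10", 22)     # attacker C -> computer A
    web = reg.route("198.51.100.1", "192.0.2.10", 80)   # real service, untouched
    return a["id"], b["id"], c["id"], web

if __name__ == "__main__":
    print(demo())
```

Keying on the destination rather than the source is what keeps the decoy's state consistent for everyone probing the same host, and the per-instance `clients` list gives a ready record of who touched which decoy.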