Honeypots mailing list archives
Re: Simulating web traffic
From: Lorenzo Hernandez Garcia-Hierro <lorenzohgh () tuxedo-es org>
Date: Wed, 16 Jun 2004 15:37:44 +0200
Hi,

On Wed, 16-06-2004 at 11:55, Aitor Facio Valero wrote:
> Hi, first of all, this is my very first message in securityfocus, but I've been reading several messages from these lists for a while. Good job done here, that's for sure. Now, here goes my question: I want to simulate web traffic directed to a web server. This web server is not "really active" (i.e. nobody visits its web pages, but Apache is running), and I want to provide it with the appearance that several and assorted requests are made to the web server, that is, I want Apache logs to appear as if it is "really active". I've been thinking of a couple of ways to implement this:
> -first of all, manipulate the Apache log. I'd prefer this to be my last resort, as it's really unclean, and it could leave traces that the Apache log is forged (so I think)

It's not a good idea; it will not be "real" enough to simply add entries to the Apache log. The best way to do what you wanted, in my opinion, is running a web spider as a cron job or from the rc of each system user on the rest of the connected machines (when the user logs in, the spider is executed and the time will not appear to be a strictly timed job). Just use one of the spiders available, but be sure to modify their UserAgent headers to be randomly changed into "normal" values.

> -second, IP spoofing: it remains very challenging for me, even though I've been looking at spoofit.h and several examples of its use
> -third: now I'm thinking whether it could be possible to change IP headers at my firewall so I can change the source IP. I think this could certainly be done, but I cannot figure out how exactly it could be done.

It will end in your confusion when reviewing the logs... You could try to set up a logging server (syslogd supports remote network logging: one machine acts as server and the others connect to it to log their events as clients).

> Any help would be useful. Thanks
> Aitor Facio Valero

Cheers,
--
Lorenzo Hernandez Garcia-Hierro <lorenzohgh () tuxedo-es org>
Attachment:
signature.asc
Description: This part of the message is digitally signed
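The approach suggested in the reply above (a spider started from cron or a login script, with start times that are not strictly periodic and ordinary-looking User-Agent values chosen at random) can be sketched as follows. This is an added example, not part of the original message; the User-Agent pool, the page list and the honeypot address are constructed placeholders.

```python
import random
import time
import urllib.error
import urllib.request

# Constructed sample values: ordinary browser User-Agent strings and the pages
# of the decoy site. Replace both with values that fit your own honeypot.
USER_AGENTS = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113",
    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 Safari/125.8",
    "Opera/7.50 (Windows NT 5.1; U) [en]",
]
PATHS = ["/", "/index.html", "/about.html", "/news/", "/contact.html"]


def plan_session(rng, mean_gap=20.0, max_pages=6):
    """Plan one simulated visit as a list of (delay_seconds, path, user_agent)."""
    # One User-Agent per visit, as a single browser would send.
    agent = rng.choice(USER_AGENTS)
    pages = rng.randint(1, max_pages)
    # Exponential gaps between page views leave no fixed period in the log.
    return [(rng.expovariate(1.0 / mean_gap), rng.choice(PATHS), agent)
            for _ in range(pages)]


def run_session(base_url, session, sleep=time.sleep,
                opener=urllib.request.urlopen):
    """Replay a planned visit against base_url and return the status codes."""
    statuses = []
    for delay, path, agent in session:
        sleep(delay)
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": agent})
        try:
            with opener(req, timeout=10) as resp:
                statuses.append(resp.status)
        except urllib.error.HTTPError as err:
            statuses.append(err.code)  # a 404 still lands in the access log
    return statuses


if __name__ == "__main__":
    # Assumed address of your own honeypot. When cron starts this script, the
    # random initial wait keeps the first hit off the cron minute boundary.
    rng = random.Random()
    time.sleep(rng.uniform(0, 300))
    print(run_session("http://127.0.0.1:8080", plan_session(rng)))
```

Run from the other machines on the network, each instance shows up in the Apache log under its own real source address, so no spoofing or log editing is involved.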
Current thread:
- Simulating web traffic Aitor Facio Valero (Jun 16)
- Re: Simulating web traffic Lorenzo Hernandez Garcia-Hierro (Jun 16)
- Re: Simulating web traffic Valdis . Kletnieks (Jun 16)
- Re: Simulating web traffic Lorenzo Hernandez Garcia-Hierro (Jun 16)
- Re: Simulating web traffic PCSage Information Services (Jun 16)
- Re: Simulating web traffic Valdis . Kletnieks (Jun 16)
- Re: Simulating web traffic Valdis . Kletnieks (Jun 16)
- Re: Simulating web traffic Lorenzo Hernandez Garcia-Hierro (Jun 16)