4. Running
To test our configuration we will first start Honeyd in interactive mode by issuing the following command in a console:
Code:
honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0.0.0/8
Details of the parameters:
-d run in interactive mode
-p fingerprint file
-f configuration file
Code:
someuser@~# honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0.0.0 .............
You will see more information on your terminal than this.
It works. Press Ctrl+C to stop the command. We will now start Honeyd as a daemon. To do this we will modify the daemon configuration. Edit the file:
Code:
/etc/default/honeyd
First, the RUN constant must be changed so that the daemon starts:
Then specify the interface used and the range of IP addresses of the network:
Code:
INTERFACE="ath0"
NETWORK=10.0.0.0/8
Then start the Honeyd daemon with the command:
Code:
/etc/init.d/honeyd start
If there are no errors you should get:
Code:
Starting Honeyd daemon: honeyd.
5. Service emulation scripts
To emulate a service running on a virtual machine, Honeyd allows the use of scripts. These can be written in Perl or even directly in shell. Example scripts are included with the Honeyd installation. The various scripts are located in the directory:
Code:
/usr/share/honeyd/scripts
For other scripts, you can visit the "contributions" section of the Honeypot website.
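A minimal service emulation script in shell, of the kind described above, given here as an added example (it is not one of the scripts shipped with Honeyd). It assumes that Honeyd attaches the remote connection to the script's stdin and stdout and that honeyd.conf passes the peer address and port as arguments; the file name fake-telnet.sh, the log path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fake telnet login prompt that records what a visitor types.
# Assumed honeyd.conf line (template name is a placeholder):
#   add <template> tcp port 23 "sh /usr/share/honeyd/scripts/fake-telnet.sh $ipsrc $sport"
# Honeyd connects the remote TCP stream to this script's stdin and stdout.

# Hypothetical log file, next to honeyd.log.
LOG="${LOG:-/var/log/honeypot/fake-telnet.log}"

# Remote input is hostile: drop CR and quotes, mask non-printable bytes and
# cap the length so a visitor cannot forge or flood log lines.
sanitize() {
    printf '%s' "$1" | tr -d '\r"' | tr -c '[:print:]' '?' | cut -c1-64
}

fake_telnet() {
    src="${1:-unknown}"
    sport="${2:-0}"
    tries=0
    printf '\r\nUser Access Verification\r\n\r\n'
    while [ "$tries" -lt 3 ]; do
        printf 'Username: '
        IFS= read -r user || break      # peer closed the connection
        printf 'Password: '
        IFS= read -r pass || break
        tries=$((tries + 1))
        printf '%s src=%s sport=%s user="%s" pass="%s"\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$sport" \
            "$(sanitize "$user")" "$(sanitize "$pass")" >> "$LOG"
        # Never grant access: the script only emulates the login dialogue.
        printf '\r\n%% Login invalid\r\n\r\n'
    done
    return 0
}

# Run only when called with arguments, as in the honeyd.conf line above.
if [ "$#" -gt 0 ]; then
    fake_telnet "$@"
fi
```

Each login attempt ends up as one line in the log with the source address, source port and the submitted credentials, which is the record you review after a test such as the telnet check in 6.2.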
6. Steps to follow
6.1. Checking with a ping
Check whether one of our configured hosts responds to a ping command. For more visibility, we will start Honeyd in interactive mode:
Code:
someuser@~# honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0.0.0/............
You will see more information on your terminal than this.
In another console, we will try to ping a configured host:
Code:
someuser@~# ping 10.3.0.1
PING 10.3.0.1 (10.3.0.1) 56(84) bytes of data.
64 bytes from 10.3.0.1: icmp_seq=1 ttl=63 time=10.0 ms
........
You will see more information on your terminal than this.
Honeyd has received our ping:
Code:
someuser@~# honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0.0.0 ..............
You will see more information on your terminal than this.
6.2. Checking with the use of a script
Check whether one of our configured hosts answers through a script. For more visibility, we will again start Honeyd in interactive mode:
Code:
someuser@~# honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0.0.0 ..................
You will see more information on your terminal than this.
In another console, we will try to access a configured host on port 23:
Code:
someuser@~# telnet 10.3.0.1 23
Trying 10.3.0.1
Connected to 10.3.0.1 ....
Honeyd has received our attempt to access port 23:
Code:
someuser@~# honeyd -d -p /etc/honeypot/nmap.prints -l /var/log/honeypot/honeyd.log -f /etc/honeypot/honeyd.conf -i lo 10.0............