single-honeypot 0.2-7 review
single-honeypot simulates many services like SMTP, HTTP, POP3, shell, and FTP. It can show many different faces, including those of Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
I wanted to register every service imaginable with the portmapper, but didn't like the idea of actually running the daemons necessary and relying on the firewall to keep the connections controlled (some dweeb's voice in my ear kept saying, "defense in depth.") I was going to bang on the sources to portmapper and hardcode everything from /etc/rpc into there, but after I pulled the tarball down, I started reading and saw that pmap_dump and pmap_set would do it all. Cool. Thanks Wietse.
The fakerpc here is derived from RedHat Linux 7.1, Irix 5.3, and Solaris 8's /etc/rpc files, and then built to include lines for versions 1-4 of each rpc program, via both udp and tcp. Start portmapper as normal, but instead of firing up rpc programs, just execute:
"pmap_set < /usr/local/thp/fakerpc".
There's a 1:1 chance that this will break your existing legit rpc services. If you are running rpc services on your firewall/hpot, you should go hang out with those non-IDS types above.
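A sketch of how a fakerpc-style file can be built from /etc/rpc-format input, added here as an example and not taken from the project's own scripts. It assumes the four-field `program version protocol port` line layout that pmap_dump writes and pmap_set reads; the function names, the sample entries and the DECOY_PORT value are constructed for illustration.

```shell
#!/bin/sh
# Build pmap_set input from /etc/rpc-style lines: versions 1-4 of every
# program, over both tcp and udp, all pointing at one decoy port.

# Hypothetical placeholder: the port the honeypot listener answers on.
DECOY_PORT="${DECOY_PORT:-9999}"

# Reads "name number [aliases] [# comment]" lines on stdin,
# writes "program version protocol port" lines on stdout.
gen_fakerpc() {
    awk -v port="$DECOY_PORT" '
        { sub(/#.*/, "") }                    # drop trailing comments
        NF < 2 || $2 !~ /^[0-9]+$/ { next }   # skip blank or malformed lines
        seen[$2]++ { next }                   # merged files repeat program numbers
        {
            for (v = 1; v <= 4; v++) {
                # program number kept as a string so large values are not truncated
                printf "%s %d tcp %d\n", $2, v, port
                printf "%s %d udp %d\n", $2, v, port
            }
        }'
}

# Constructed sample in /etc/rpc layout, standing in for files merged
# from several operating systems (hence the duplicate entry).
sample_rpc() {
    cat <<'EOF'
# name      number  aliases
rstatd      100001  rstat rup perfmeter
rusersd     100002  rusers
nfs         100003  nfsprog
ypserv      100004  ypprog
mountd      100005  mount showmount
rstatd      100001  rstat    # duplicate from a second source file
malformed-line
EOF
}

# Demonstration: 5 unique programs x 4 versions x 2 protocols = 40 lines.
sample_rpc | gen_fakerpc
```

Running `pmap_dump > saved-rpc` before loading the generated file keeps a copy of the existing registrations, which matters given the warning above about breaking legit rpc services.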
What's New in This Release:
Changes: POP3 target added, and commands of the SMTP target have been added and modified.