Configuring honeyd to mimic Windows XP SP1

OpenSource For You - ADMIN

# the template must be created before it can be configured
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action block
set winxp default udp action block
set winxp default icmp action reset
set winxp uptime 1234567
add winxp tcp port 135 open
add winxp tcp port 139 open
add winxp tcp port 445 open
set winxp ethernet "intel"
dhcp winxp on eth0

To configure a static IP on eth0, comment the dhcp command and enable the bind command as follows:

# bind ipaddress winxp

Remember manufacturer’s ID number. The command:

set winxp ethernet "intel"

Semiconductor to the honeypot. The other commands are self under daemon mode, use the following command:

sudo honeyd -d -f winxp.conf

Using the daemon mode will enable you to see all the network requests and corresponding responses on the screen of the honeypot system.

Figures 3 and 4 show the results of scanning the Windows honeypot with nmap.

The important points to consider in the screenshots:
- The process is being demoted from root level
- IP address is received from the DHCP server
- The establishment of ARP binding to Intel’s MAC address
- Various ARP responses
- synchronisation. There is at least one system using Dropbox in this network. The honeypot responds to it by closing the connection, since UDP port requests are blocked.
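Added example, not from the article: a small Python check that reads the winxp template and reports which action each probed port should receive, so the honeyd screen output can be compared against the configuration. It assumes a leading `create winxp` line, which honeyd requires before a template is configured; the function names `parse_honeyd` and `action_for` are hypothetical, and the sample text is constructed from the commands above.

```python
import shlex
# Constructed sample: the winxp template from this article, one command per line.
WINXP_CONF = """\
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action block
set winxp default udp action block
set winxp default icmp action reset
set winxp uptime 1234567
add winxp tcp port 135 open
add winxp tcp port 139 open
add winxp tcp port 445 open
set winxp ethernet "intel"
dhcp winxp on eth0
# bind ipaddress winxp
"""

def parse_honeyd(text):
    """Parse the subset of honeyd syntax used above; return (templates, problems)."""
    templates, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted strings whole
        if not tok:
            continue
        if tok[0] == "create":
            templates[tok[1]] = {"default": {}, "ports": {}, "addressing": set()}
            continue
        name = tok[2] if tok[0] == "bind" else tok[1]  # bind <ip> <template>
        tpl = templates.get(name)
        if tpl is None:
            problems.append(f"line {n}: template {name!r} used before 'create'")
        elif tok[0] == "set" and tok[2] == "default":  # set T default tcp action block
            tpl["default"][tok[3]] = tok[5]
        elif tok[0] == "add":                          # add T tcp port 135 open
            tpl["ports"][(tok[2], int(tok[4]))] = tok[5]
        elif tok[0] in ("dhcp", "bind"):
            tpl["addressing"].add(tok[0])
    for name, tpl in templates.items():
        if len(tpl["addressing"]) != 1:  # the article uses dhcp or bind, never both
            problems.append(f"{name}: expected one of dhcp/bind, got {sorted(tpl['addressing'])}")
    return templates, problems

def action_for(tpl, proto, port=None):
    """Explicit port rule wins; otherwise the protocol's default action applies."""
    return tpl["ports"].get((proto, port), tpl["default"].get(proto))

if __name__ == "__main__":
    templates, problems = parse_honeyd(WINXP_CONF)
    print(problems, {p: action_for(templates["winxp"], "tcp", p) for p in (80, 135, 445)})
```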
