Archive: July 2002 ml@sikurezza.org
Subject: Re: Honeyd  - Network Rhapsody for You --> Virtual Honeynet
From: Fabio Pietrosanti (naif)
Date: 18 Jul 2002 19:25:35 -0000
Regarding the creation of more or less virtual honeynets, what has been
implemented around UML ( User Mode Linux ) is very, VERY interesting:
namely, the ability to run a Linux kernel ( practically a virtual system
very similar to VMWARE ) in user space.

So, with one host accommodating 1/2/5/10/20 virtual systems ( how much
memory does a Linux kernel with few services take up? little! ) you can have
beautiful, heterogeneous honeynets and, above all, the ability to log all
the "keystrokes" and screens directly from UML by means of a patch created
specifically for this and posted on the SF Honeypots ML.

Some reference links:

http://pobox.upenn.edu/~clarkmic/
http://user-mode-linux.sourceforge.net
http://www.cis.ohio-state.edu/~hing/honeynet/dl
http://www.securitywriters.org/texts/internet%20security/Virtual_HoneyNet.php

----
http://www.stearns.org/patches/2.4.19-uml-logging-patch

A third (not necessarily better, but different) approach is to get
the kernel to log all data traveling over the pty to a file.  In this
patch to a User-Mode Linux [1] kernel, the kernel logs all keystrokes and
screen output, even if the user is encrypting their traffic!  No
modifications to userspace applications are needed.  The log files are
stored on the host's hard drive, so the attacker can't delete them, and no
applications inside UML can tell they're being logged.
----

Ciao

On Tue, Jul 16, 2002 at 09:43:55AM +0200, Black Berry wrote:
> http://www.citi.umich.edu/u/provos/honeyd/
> Honeyd is a small daemon that creates virtual hosts on a network.
> The hosts can be configured to run arbitrary services, and their TCP personality
> can be adapted so that they appear to be running certain versions of operating systems.
> Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation.

-- 

Fabio Pietrosanti ( naif )
E-mail: naif@blackhats.it - naif@sikurezza.org
PGP Key (DSS) http://naif.itapac.net/naif.asc
--
 "Hacking is the future of security research" R.Power, CSI 
Free advertising: www.openbsd.org Multiplatform Ultra-secure OS

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
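
The patch description quoted above logs at the pty, which is why encrypted sessions are still captured: the shell behind sshd reads and writes cleartext on its pty. The following is an added example, not code from the original message or from the UML patch. It is a userspace Python illustration of that observation point (the patch itself works inside the UML kernel and writes to the host); `record_session`, the log format and the sample keystrokes are constructed for illustration.

```python
import os
import pty
import select
import time

def record_session(keystrokes, log_path, argv=("/bin/sh",)):
    """Run argv on a fresh pty, feed it keystrokes (constructed input),
    append both directions to log_path and return everything the pty emitted."""
    pid, master = pty.fork()          # child gets the pty slave as its terminal
    if pid == 0:
        try:
            os.execvp(argv[0], list(argv))
        finally:
            os._exit(127)             # only reached if exec failed
    captured = bytearray()
    with open(log_path, "a") as log:
        def record(direction, data):
            log.write(f"{time.time():.3f} {direction} {data!r}\n")

        def drain(quiet):
            """Log pty output until `quiet` seconds pass without data.
            Returns False once the child has closed its side."""
            while select.select([master], [], [], quiet)[0]:
                try:
                    data = os.read(master, 4096)
                except OSError:       # Linux reports EIO when the slave is closed
                    return False
                if not data:
                    return False
                record("OUT", data)
                captured.extend(data)
            return True

        alive = drain(0.5)            # let the shell print its first prompt
        for keys in keystrokes:
            if not alive:
                break
            os.write(master, keys)
            record("IN", keys)
            alive = drain(0.3)
        deadline = time.monotonic() + 10
        while alive and time.monotonic() < deadline:
            alive = drain(0.3)
    os.close(master)                  # hangs up the session if it is still running
    os.waitpid(pid, 0)
    return bytes(captured)

if __name__ == "__main__":
    out = record_session([b"echo $((1234*5678))\n", b"exit\n"], "session.log")
    print(out.decode(errors="replace"))
```

The log here sits in the same filesystem as the monitored shell; the point of the UML patch is that its log lives on the host, outside the guest's reach.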