Honeynet with Linksys Switch - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Honeynet with Linksys Switch

  1. #11
    phishphreek - thanks for the offer - I've got the CD, too, so I don't need to bother you for the files. I'll check through the other threads, too, for some faux services I may be interested in running.

    l00p

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'll make one last addition to this thread, I've written some code for some simple things for tutorials, including an SMTP honeypot. I never released the full code (except maybe in addicts), but if it'll help ya out here ya go. It's written in Python and emulates a IIS SMTP Server. It's not very complex and just gives very basic responses, so they'll realize it own't send their mail, however it logs and timestamps the connections and the IP address they come from. With simple python knowledge you could make it write to a file, and adding two or three lines of code would also make it recieve the commands the user types in.


    Code:
    # Demonstrates various methods of importing modules.
    from socket import *
    import string
    import time
    import shlex
    # create a socket of the basic type.
    s = socket(AF_INET, SOCK_STREAM)
    # Query the user for their IP Address and set that and the port
    HOST = raw_input("Enter IP Address to bind socket to: ")
    PORT = 250
    s.bind((HOST, PORT)) # Bind the socket to an IP Address and Port
    while 1:
        s.listen(5) # Have the socket listen for a connection
        (incomingsocket, address) = s.accept() # Accept an incoming connection
        straddress = str(address) # Convert incoming address to a string
        testlist = string.split(straddress, ",") # Split the tuple into lists
        gethost = string.split(testlist[0], "'") # Split the host portion of the list
        getaddr = string.split(testlist[1], ")") # Split the port portion of the list
        host = gethost[1] # Remove just the address from the list
        incomingport = int(getaddr[0]) # Remove just the port from the list
        # define our responses
        banner = "220 desktop Microsoft ESMTP MAIL Service, Version 6.0.2600.1106 ready at " + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + "\r\n"
        error = "500 5.3.3 Unrecognized command"+ "\r\n"
        help = "214-This server supports the following commands: \r\n 214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT VRFY"+ "\r\n"
        helo =  "250 desktop Hello ["+ str(host)+"]"+ "\r\n"
        invalidaddress = "501 5.5.4 Invalid Address"+ "\r\n"
        ehlo = "250 desktop Hello ["+ str(host)+"] \r\n 250-SIZE 2097152 \r\n 250-PIPELINING\r\n 250-DSN \r\n 250-ENHANCEDSTATUSCODES \r\n 250-8bitmime \r\n 250-BINARYMIME \r\n 250-CHUNKING \r\n 250-VRFY \r\n 250 OK \r\n"
        starttls = "554 5.7.3 Unable to initialize security subsystem"+ "\r\n"
        rcpt = "503 5.5.2 Need Mail From: first"+ "\r\n"
        mail = "501 5.5.4 Argument missing"+ "\r\n"
        datamsg = "503 5.5.2 Need mail command."+ "\r\n"
        rset = "250 2.0.0 Resetting"+ "\r\n"
        auth = "501 5.5.4 No mechanism"+ "\r\n"
        vrfy = "252 2.1.5 Cannot VRFY user"+ "\r\n"
        data = ""
        lastchar = ""
        incomingsocket.send(banner) # Send our banner
        # Print connection information to stdout 
        logdata = "Connection attempt on port " + str(PORT) + " from " + str(host) + ":" + str(incomingport) + " @ " + time.strftime("%H:%M:%S - %d %b %Y")
        print logdata
        # define our Warning
        warning = "Illegal Access of this server, your IP [" + host +"] has been logged.\r\n" 
        # Listen for incoming data
        while 1 :
            while 1:
                lastchar = incomingsocket.recv(1024)
                if lastchar == "\n": break
                elif lastchar == "\r\n": break
                else: data = data + lastchar
            if data == "helo" : incomingsocket.send(helo)
            elif data == "ehlo" : incomingsocket.send(ehlo)
            elif data == "help" : incomingsocket.send(help)
            elif data == "starttls" : incomingsocket.send(starttls)
            elif data == "rcpt" : incomingsocket.send(rcpt)
            elif data == "mail" : incomingsocket.send(invalidaddress)
            elif data == "data" : incomingsocket.send(datamsg)
            elif data == "rset" : incomingsocket.send(rset)
            elif data == "auth" : incomingsocket.send(auth)
            elif data == "vrfy" : incomingsocket.send(vrfy)
            elif data == "quit" : break
            else : incomingsocket.send(error)
            data = ""
        #Send the Warning
        incomingsocket.send(warning)
        # Close the socket
        incomingsocket.close
    s.close
    This second piece of code was also posted (I think in addicts) and is for an echo server.

    Code:
    # Demonstrates various methods of importing modules.
    from socket import *
    import string
    import time
    import shlex
    # create a socket of the basic type.
    s = socket(AF_INET, SOCK_STREAM)
    # Query the user for their IP Address and set that and the port
    HOST = raw_input("Enter IP Address to bind socket to: ")
    PORT = 700
    s.bind((HOST, PORT)) # Bind the socket to an IP Address and Port
    while 1:
        s.listen(5) # Have the socket listen for a connection
        (incomingsocket, address) = s.accept() # Accept an incoming connection
        straddress = str(address) # Convert incoming address to a string
        testlist = string.split(straddress, ",") # Split the tuple into lists
        gethost = string.split(testlist[0], "'") # Split the host portion of the list
        getaddr = string.split(testlist[1], ")") # Split the port portion of the list
        host = gethost[1] # Remove just the address from the list
        incomingport = int(getaddr[0]) # Remove just the port from the list
        data = ""
        # Print connection information to stdout 
        logdata = "Connection attempt on port " + str(PORT) + " from " + str(host) + ":" + str(incomingport) + " @ " + time.strftime("%H:%M:%S - %d %b %Y")
        print logdata
        #Send a Banner  
        incomingsocket.send("Welcome to HT's Simple Echo Server - RFC 862\r\n")
        # Listen for incoming data
        while 1 :
            while 1:
                lastchar = incomingsocket.recv(1024)
                if lastchar == "\n": break
                elif lastchar == "\r\n": break
                else: data = data + lastchar
            incomingsocket.send(data)
            incomingsocket.send("\r\n")
            if data == "quit\r\n" : break
            if data == "quit\n" : break
            data = ""
        # Close the socket
        incomingsocket.close
    s.close
    These may or may not be useful to you, but they should provide you with a starting ground that will at least open a few ports and return a few banners to the attacker, as well as simulating the basics of the respective daemons they are trying to emulate.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides