Upload File

cheatsheet: deployment of an industrial honeypot - incibe-cert · libedit-dev bison flex libtool...

  • Home
  • Documents
  • Cheatsheet: Deployment of an industrial honeypot - INCIBE-CERT · libedit-dev bison flex libtool automake zlib1g-dev python net-tools HONEYD COMPILATION AND INSTALLATION cd Honeyd/./autogen.sh./configure
1
Deployment of an industrial honeypot http:// FTP HONEY INSTALLATION GIT INSTALLATION sudo apt-get install git HONEYD DOWNLOAD git clone https://github.com/DataSoft/Honeyd DEPENDENCIES INSTALLATION sudo apt-get install libevent-dev libdumbnet-dev libpcap-dev libpcre3-dev libedit-dev bison flex libtool automake zlib1g-dev python net-tools HONEYD COMPILATION AND INSTALLATION cd Honeyd/ ./autogen.sh ./configure make CREATION OF DIRECTORY FOR CONFIGURATION FILES cd .. mkdir <path_name> HONEYPOT CONFIGURATION SCADA HONEYNET PROJECT DOWNLOAD http://www.sf.net/projects/scadahoneynet MOVE SCRIPTS DIRECTORY TO HONEYPOT PATH cd <download_path> tar -xvzf <scadahoneynet_file.tar> cp -a ./cernsacadahoneynet/files/scripts <path_name>/scripts This last path will be labeled as <scripts_path> for the following steps. SCRIPT WEB MODIFICATION Edit <scripts_path>/honeyd-http-siemens.py webroot = “/var/cshoneynet/scripts/web-siemens” -> webroot = “<scripts_path>/web-siemens” RENAME AND MODIFY TELNET FILE Inside <scripts_path> cp honeyd-telnet-schneider.py honeyd-telnet-siemens.py Modify honeyd-telnet-siemens.py ÿle: logintext = "\n\rVxWorks login: " -> logintext = “\n\rSiemens Login: ” MODIFY NMAP.ASSOC FILE cat /usr/share/honeyd/nmap-os-db | grep "Siemens\ Simatic\ 300" Add the result (without Fingerprint) to the end of the /usr/share/honeyd/nmap.assoc list. In case it is already there, make sure that it does not remain as a comment. CONFIGURATION FILE Create a conÿguration ÿle (<ÿlename.conf>) inside the directory <path_name> and including the following conÿguration lines: create siemens set siemens ethernet “00:1f:f8:cc:d0:23” set siemens default tcp action closed set siemens default udp action reset set siemens personality “Siemens Simatic 300 programmable logic controller” add siemens tcp port 21 "python <scripts_path>/honeyd-ftp-siemens.py" add siemens tcp port 23 "python <scripts_path>/honeyd-telnet-siemens.py" add siemens tcp port 80 "python <scripts_path>/honeyd-http-siemens.py" add siemens tcp port 102 "python <scripts_path>/honeyd-s7.py" add siemens udp port 161 " python <scripts_path>/honeyd-snmp-siemens.py" add siemens tcp port 502 " python <scripts_path>/honeyd-modbus.py" set siemens uptime <timestamp in seconds> bind <ip_address> siemens HIGH INTERACTION HONEYPOT ATTACKER SERVICES OPERATING SYSTEM RUNNING HONEYD sudo honeyd -d -p nmap-os-db -i <interface> -l <log_name.log> -f <filename.conf> <IP_address_or_subnet> -u 0 -g 0 --disable-webserver

Upload: others

Post on 21-Jul-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cheatsheet: Deployment of an industrial honeypot - INCIBE-CERT · libedit-dev bison flex libtool automake zlib1g-dev python net-tools HONEYD COMPILATION AND INSTALLATION cd Honeyd/./autogen.sh./configure

Deployment of an industrial honeypot

http FTP

HONEY INSTALLATION

GIT INSTALLATION sudo apt-get install git

HONEYD DOWNLOAD git clone httpsgithubcomDataSoftHoneyd

DEPENDENCIES INSTALLATION sudo apt-get install libevent-dev libdumbnet-dev libpcap-dev libpcre3-devlibedit-dev bison flex libtool automake zlib1g-dev python net-tools

HONEYD COMPILATION AND INSTALLATION cd Honeydautogenshconfiguremake

CREATION OF DIRECTORY FOR CONFIGURATION FILES cd mkdir ltpath_namegt

HONEYPOT CONFIGURATION

SCADA HONEYNET PROJECT DOWNLOAD httpwwwsfnetprojectsscadahoneynet

MOVE SCRIPTS DIRECTORY TO HONEYPOT PATH cd ltdownload_pathgttar -xvzf ltscadahoneynet_filetargtcp -a cernsacadahoneynetfilesscripts ltpath_namegtscripts

This last path will be labeled as ltscripts_pathgt for the following steps

SCRIPT WEB MODIFICATION Edit ltscripts_pathgthoneyd-http-siemenspy

webroot = ldquovarcshoneynetscriptsweb-siemensrdquo -gt webroot = ldquoltscripts_pathgtweb-siemensrdquo

RENAME AND MODIFY TELNET FILE Inside ltscripts_pathgt

cp honeyd-telnet-schneiderpy honeyd-telnet-siemenspy

Modify honeyd-telnet-siemenspy yumlle

logintext = nrVxWorks login -gt logintext = ldquonrSiemens Login rdquo

MODIFY NMAPASSOC FILE cat usrsharehoneydnmap-os-db | grep Siemens Simatic 300

Add the result (without Fingerprint) to the end of the usrsharehoneydnmapassoc list In case it is already there make sure that it does not remain as a comment

CONFIGURATION FILE Create a conyumlguration yumlle (ltyumllenameconfgt) inside the directory ltpath_namegt and including the following conyumlguration lines

create siemens set siemens ethernet ldquo001ff8ccd023rdquo set siemens default tcp action closedset siemens default udp action resetset siemens personality ldquoSiemens Simatic 300 programmable logic controllerrdquoadd siemens tcp port 21 python ltscripts_pathgthoneyd-ftp-siemenspyadd siemens tcp port 23 python ltscripts_pathgthoneyd-telnet-siemenspyadd siemens tcp port 80 python ltscripts_pathgthoneyd-http-siemenspyadd siemens tcp port 102 python ltscripts_pathgthoneyd-s7pyadd siemens udp port 161 python ltscripts_pathgthoneyd-snmp-siemenspyadd siemens tcp port 502 python ltscripts_pathgthoneyd-modbuspyset siemens uptime lttimestamp in secondsgtbind ltip_addressgt siemens

HIGH INTERACTION HONEYPOT

ATTACKER

SERVICES

OPERATING SYSTEM

RUNNING HONEYD

sudo honeyd -d -p nmap-os-db -i ltinterfacegt -l ltlog_nameloggt -f ltfilenameconfgtltIP_address_or_subnetgt -u 0 -g 0 --disable-webserver

DEV-35: Modeling Existing ABL Systems with UMLdownload.psdn.com/media/exch_audio/2008/DEV/DEV-35_Mercer-Hu… · DEV-35: Modeling Existing ABL Systems with UML Thomas Mercer-Hursh,

Honeypot Presentation - Using Honeyd

Apache HTTP 2 - documentation.help · .htaccess Server Side Includes (SSI) (public_html) Microsoft Windows Novell NetWare ... Apache 2.0 Apache autoconf libtool Apache 1.3 APACI Apache

DEV-i - Bluetechnixdatasheets.bluetechnix.at/goto/DEV-i.MX6x/archive/DEV-i.MX6x_HUM_… · 2.1.14 MIPI CSI ... The form factor of the DEV-i ... The minimum requirements are 12V @

Autoconf, Automake, Libtool - More Dreams C Come true

UI Evolving Platform Evolving Architecture Evolving · Amazon Go store Ignore Script Dev Desktop Dev Web Dev Mobile App Dev Chatbot Dev Skills Dev IoT Dev. 5 ... Application Connector

Dantracker on a Raspberry PI - 2017 - PA0ESH · autogen libtool sudo libgps-dev bridge-utils git-core libnl-3-dev libnl-genl-3-dev libjson0 ... # Use the nl80211 driver with the brcmfmac

KFSensor Vs Honeyd Honeypot System Sunil Gurung [60-475] Security and Privacy on the Internet

Uso de Honeypots com Honeyd

Auditing Linux Honeyd Honeypot

Build mini - Windows 10 Dev & Cross platform Dev

Condor-dev-latest.jar to Condor-dev-latest-V2- setup.exe (For …guardian.galaxyadvisors.com/releases/Condor-dev-latest... · 2019-08-08 · Condor-dev-latest.jar to Condor-dev-latest-V2-setup.exe

Ten Minutes Bluemix Pitch from Dev to Dev

Professional Development of Teachers Lilian Katz, PhD dev- dev-

STUDENT C - itgstextbook.com · STUDENT C. 6 marks Dev Dev Dev Dev Dev Dev Dev privacy concern reliability NAQ reliability not the concern in A Detailed steps beyond article, appropriate

The GNU Autotools: autoconf, automake, (libtool)

Co FoundCo Founder Dev MVT Final2er Dev MVT Final2

Mellanox OFED for Linux Release Notes apt-get install perl dpkg autotools-dev autoconf libtool auto-make1.10 automake m4 dkms debhelper tcl tcl8.4 chrpath swig graphviz tcl-dev tcl8.4-dev

Iedc ec. dev and workforce dev collaboration

ZoneMinder Documentation - Read the Docs · ZoneMinder Documentation ... dev libswscale-dev libavutil-dev libv4l-dev libtool ffmpeg libnetpbm10-dev libavdevice-dev ... with the manual

Frank Dev of Under Dev

Best of dev learn 2014 management dev

The OpenCV Tutorials · •ffmpeg or libav development packages: libavcodec-dev, libavformat-dev, libswscale-dev; •[optional] libdc1394 2.x; •[optional] libjpeg-dev, libpng-dev,

Use of Honeypot and IP Tracing Mechanism for Prevention of ...Honeyd, HoneyBOT, and Specter Honeypots. . Honeyd: Honeyd is a honeypot for Linux/Unix developed by security researcher

Dev(/)ops ?

Industrial Compressor Pumps DEV-40, DEV-55 & DEV-100

Mellanox OFED for Linux Release Notes - Mellanox ... apt-get install perl dpkg autotools-dev autoconf libtool auto-make1.10 automake m4 dkms debhelper tcl tcl8.4 chrpath swig graphviz

users.suse.comusers.suse.com/~meissner/updates/2010.txt · 2015-03-10Mon Jan 04 2010 ===== MD5: 1232434f1a9adbb5ef92fe6f2b438090 PACKAGES: libtool PRODUCTS: SLED 10 SP3,SLES 10 SP3

Skills dev

Corporate Profile Dev Information Technology Ltd. Dev

DNNDK User Guide - Xilinx...dev libgflags-dev libgoogle-glog-dev libopencv-dev protobuf-compiler libleveldb-dev liblmdb-dev libhdf5-dev libsnappy-dev libboost-all-dev libssl-dev :

Incident Response With Modest Resources€¦ · #LegalSEC19 IR Process: OBSERVE ORIENT DECIDE ACT •SEIM (Security Onion) •AV (ClamAV, Barkly) •Logging (Kiwi) •Honeypot (Honeyd)

INTRODUCTION - No Starch Press · 2019-09-12 · Autotools. Chapter 7 begins with a shared-library primer and then covers some basic Libtool extensions that allow Libtool to be a

DEV-14: Ready to Translate Your Application?download.psdn.com/media/exch_audio/2008/DEV/DEV-14_Wolf.pdf · DEV-14: Ready to Translate Your Application? Martin Wolf, VP Development

getting started guide - people.mech.kuleuven.bepeople.mech.kuleuven.be/~tdelaet/tutorialBFL.pdf · To compile the tutorial examples you will need build tools like automake, libtool,