In this second part of the article, as promised, I will cover the Honeypot, which together with Snort forms an excellent pair for studying attacks and intrusions against servers. Check it out, it is worth it!
The first article in this series (Configuring the IDS - Snort/Honeypot) started with Snort, one of the best IDSs on the market. Now I complement it with the Honeypot, a tool whose main function is to collect information for the study of attacks.
The original Honeypot project (www.honeynet.org) is an international organization made up of thirty members of the security community from several countries, such as Canada, Israel, the Netherlands, Germany, Australia and the United States.
There is also the Brazilian version (www.honeypot.com.br), which was started by professor Antonio Marcelo, a security specialist.
For more details on these projects, visit the addresses above.
[1] Comment posted by fabio on 11/10/2003 - 11:14h
Excellent article! Without a doubt this technique of confusing the fingerprinting performed by the person trying to break into your server is effective, because if the cracker does not know the operating system or the software you are using, how will he use an exploit or something similar to gain access? Cool!
[2] Comment posted by cmarcelo on 18/04/2004 - 01:08h
I really liked the article and can't wait to see it working here, but when I go to compile I get the following error:
gcc -DHAVE_CONFIG_H -I. -I. -I. -I./ -I./compat -I/usr/include/python2.2 -I/usr/local/include -I/usr/local/include -I/usr/local/include -O2 -Wall -g -DPATH_HONEYDINCLUDE="\"/usr/local/include/honeyd\"" -DPATH_HONEYDDATA="\"/usr/local/share/honeyd\"" -DPATH_HONEYDLIB="\"/usr/local/lib/honeyd\"" -DHONEYD_PLUGINS_DECLARE="" -DHONEYD_PLUGINS="" -c pyextend.c
pyextend.c:62:20: Python.h: Arquivo ou diretório não encontrado
pyextend.c:82: parse error before "PyObject"
pyextend.c:82: warning: no semicolon at end of struct or union
pyextend.c:83: warning: type defaults to `int' in declaration of `pFuncReadData'
pyextend.c:83: warning: data definition has no type or storage class
pyextend.c:84: parse error before '*' token
pyextend.c:84: warning: type defaults to `int' in declaration of `pFuncWriteData'
pyextend.c:84: warning: data definition has no type or storage class
pyextend.c:85: parse error before '*' token
pyextend.c:85: warning: type defaults to `int' in declaration of `pFuncEnd'
pyextend.c:85: warning: data definition has no type or storage class
pyextend.c:86: parse error before '}' token
pyextend.c: In function `pye_compare':
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c:93: dereferencing pointer to incomplete type
pyextend.c: In function `pyetree_SPLAY_NEXT':
pyextend.c:96: dereferencing pointer to incomplete type
pyextend.c:96: dereferencing pointer to incomplete type
pyextend.c:96: dereferencing pointer to incomplete type
pyextend.c:96: dereferencing pointer to incomplete type
pyextend.c: In function `pyetree_SPLAY_INSERT':
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c: In function `pyetree_SPLAY_REMOVE':
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c: In function `pyetree_SPLAY':
pyextend.c:97: storage size of `__node' isn't known
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: warning: unused variable `__node'
pyextend.c: In function `pyetree_SPLAY_MINMAX':
pyextend.c:97: storage size of `__node' isn't known
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: dereferencing pointer to incomplete type
pyextend.c:97: warning: unused variable `__node'
pyextend.c: At top level:
pyextend.c:107: parse error before "PyObject"
pyextend.c:107: warning: no semicolon at end of struct or union
pyextend.c:122: parse error before '}' token
pyextend.c:124: parse error before '*' token
pyextend.c:124: parse error before '*' token
pyextend.c:124: warning: type defaults to `int' in declaration of `pyextend_readselector'
pyextend.c:124: warning: data definition has no type or storage class
pyextend.c:125: parse error before '*' token
pyextend.c:125: parse error before '*' token
pyextend.c:125: warning: type defaults to `int' in declaration of `pyextend_writeselector'
pyextend.c:125: warning: data definition has no type or storage class
pyextend.c:126: parse error before '*' token
pyextend.c:126: parse error before '*' token
pyextend.c:126: warning: type defaults to `int' in declaration of `pyextend_log'
pyextend.c:126: warning: data definition has no type or storage class
pyextend.c:128: parse error before "HoneydMethods"
pyextend.c:128: warning: type defaults to `int' in declaration of `HoneydMethods'
pyextend.c:129: warning: braces around scalar initializer
pyextend.c:129: warning: (near initialization for `HoneydMethods[0]')
pyextend.c:129: warning: initialization makes integer from pointer without a cast
pyextend.c:129: warning: excess elements in scalar initializer
pyextend.c:129: warning: (near initialization for `HoneydMethods[0]')
pyextend.c:129: `METH_VARARGS' undeclared here (not in a function)
pyextend.c:129: warning: excess elements in scalar initializer
pyextend.c:129: warning: (near initialization for `HoneydMethods[0]')
pyextend.c:130: warning: excess elements in scalar initializer
pyextend.c:130: warning: (near initialization for `HoneydMethods[0]')
pyextend.c:131: warning: braces around scalar initializer
pyextend.c:131: warning: (near initialization for `HoneydMethods[1]')
pyextend.c:131: warning: initialization makes integer from pointer without a cast
pyextend.c:131: warning: excess elements in scalar initializer
pyextend.c:131: warning: (near initialization for `HoneydMethods[1]')
pyextend.c:131: `METH_VARARGS' undeclared here (not in a function)
pyextend.c:131: warning: excess elements in scalar initializer
pyextend.c:131: warning: (near initialization for `HoneydMethods[1]')
pyextend.c:132: warning: excess elements in scalar initializer
pyextend.c:132: warning: (near initialization for `HoneydMethods[1]')
pyextend.c:133: warning: braces around scalar initializer
pyextend.c:133: warning: (near initialization for `HoneydMethods[2]')
pyextend.c:133: warning: initialization makes integer from pointer without a cast
pyextend.c:133: warning: excess elements in scalar initializer
pyextend.c:133: warning: (near initialization for `HoneydMethods[2]')
pyextend.c:133: `METH_VARARGS' undeclared here (not in a function)
pyextend.c:133: warning: excess elements in scalar initializer
pyextend.c:133: warning: (near initialization for `HoneydMethods[2]')
pyextend.c:134: warning: excess elements in scalar initializer
pyextend.c:134: warning: (near initialization for `HoneydMethods[2]')
pyextend.c:135: warning: braces around scalar initializer
pyextend.c:135: warning: (near initialization for `HoneydMethods[3]')
pyextend.c:135: warning: initialization makes integer from pointer without a cast
pyextend.c:135: warning: excess elements in scalar initializer
pyextend.c:135: warning: (near initialization for `HoneydMethods[3]')
pyextend.c:135: warning: excess elements in scalar initializer
pyextend.c:135: warning: (near initialization for `HoneydMethods[3]')
pyextend.c:135: warning: excess elements in scalar initializer
pyextend.c:135: warning: (near initialization for `HoneydMethods[3]')
pyextend.c:136: warning: data definition has no type or storage class
pyextend.c:140: parse error before '*' token
pyextend.c:141: parse error before '*' token
pyextend.c:142: warning: return type defaults to `int'
pyextend.c: In function `pyextend_log':
pyextend.c:144: dereferencing pointer to incomplete type
pyextend.c:147: warning: implicit declaration of function `PyArg_ParseTuple'
pyextend.c:147: `args' undeclared (first use in this function)
pyextend.c:147: (Each undeclared identifier is reported only once
pyextend.c:147: for each function it appears in.)
pyextend.c:154: warning: implicit declaration of function `Py_BuildValue'
pyextend.c:154: warning: return makes pointer from integer without a cast
pyextend.c: At top level:
pyextend.c:157: parse error before '*' token
pyextend.c:158: parse error before '*' token
pyextend.c:159: warning: return type defaults to `int'
pyextend.c: In function `pyextend_selector':
pyextend.c:162: `args' undeclared (first use in this function)
pyextend.c:167: `ev' undeclared (first use in this function)
pyextend.c:171: warning: return makes pointer from integer without a cast
pyextend.c: At top level:
pyextend.c:174: parse error before '*' token
pyextend.c:175: parse error before '*' token
pyextend.c:176: warning: return type defaults to `int'
pyextend.c: In function `pyextend_readselector':
pyextend.c:180: `args' undeclared (first use in this function)
pyextend.c:180: dereferencing pointer to incomplete type
pyextend.c: At top level:
pyextend.c:183: parse error before '*' token
pyextend.c:184: parse error before '*' token
pyextend.c:185: warning: return type defaults to `int'
pyextend.c: In function `pyextend_writeselector':
pyextend.c:188: `PyObject' undeclared (first use in this function)
pyextend.c:188: `pValue' undeclared (first use in this function)
pyextend.c:192: `args' undeclared (first use in this function)
pyextend.c:192: dereferencing pointer to incomplete type
pyextend.c:200: dereferencing pointer to incomplete type
pyextend.c:200: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_cbread':
pyextend.c:209: `PyObject' undeclared (first use in this function)
pyextend.c:209: `pArgs' undeclared (first use in this function)
pyextend.c:209: `pValue' undeclared (first use in this function)
pyextend.c:209: warning: left-hand operand of comma expression has no effect
pyextend.c:211: dereferencing pointer to incomplete type
pyextend.c:219: dereferencing pointer to incomplete type
pyextend.c:226: warning: implicit declaration of function `PyObject_CallObject'
pyextend.c:226: dereferencing pointer to incomplete type
pyextend.c:229: warning: implicit declaration of function `Py_DECREF'
pyextend.c:232: warning: implicit declaration of function `PyErr_Print'
pyextend.c: In function `pyextend_addbuffer':
pyextend.c:260: dereferencing pointer to incomplete type
pyextend.c:260: dereferencing pointer to incomplete type
pyextend.c:260: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_cbwrite':
pyextend.c:268: `PyObject' undeclared (first use in this function)
pyextend.c:268: `pArgs' undeclared (first use in this function)
pyextend.c:268: `pValue' undeclared (first use in this function)
pyextend.c:268: warning: left-hand operand of comma expression has no effect
pyextend.c:270: dereferencing pointer to incomplete type
pyextend.c:278: dereferencing pointer to incomplete type
pyextend.c:286: dereferencing pointer to incomplete type
pyextend.c:288: dereferencing pointer to incomplete type
pyextend.c:291: dereferencing pointer to incomplete type
pyextend.c:292: dereferencing pointer to incomplete type
pyextend.c:293: dereferencing pointer to incomplete type
pyextend.c:300: dereferencing pointer to incomplete type
pyextend.c:307: dereferencing pointer to incomplete type
pyextend.c:317: warning: implicit declaration of function `PyString_AsStringAndSize'
pyextend.c:334: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_init':
pyextend.c:351: `PyObject' undeclared (first use in this function)
pyextend.c:351: `pModule' undeclared (first use in this function)
pyextend.c:356: warning: implicit declaration of function `Py_Initialize'
pyextend.c:357: warning: implicit declaration of function `Py_GetPath'
pyextend.c:357: warning: passing arg 2 of `strlcpy' makes pointer from integer without a cast
pyextend.c:359: warning: implicit declaration of function `PySys_SetPath'
pyextend.c:361: warning: implicit declaration of function `Py_InitModule'
pyextend.c:362: warning: implicit declaration of function `PyModule_AddIntConstant'
pyextend.c: In function `pyextend_exit':
pyextend.c:371: warning: implicit declaration of function `Py_Finalize'
pyextend.c: In function `pyextend_load_module':
pyextend.c:386: `PyObject' undeclared (first use in this function)
pyextend.c:386: `pName' undeclared (first use in this function)
pyextend.c:386: `pModule' undeclared (first use in this function)
pyextend.c:386: `pDict' undeclared (first use in this function)
pyextend.c:386: `pFunc' undeclared (first use in this function)
pyextend.c:386: warning: left-hand operand of comma expression has no effect
pyextend.c:386: warning: left-hand operand of comma expression has no effect
pyextend.c:386: warning: left-hand operand of comma expression has no effect
pyextend.c:387: storage size of `tmp' isn't known
pyextend.c:402: warning: implicit declaration of function `PyString_FromString'
pyextend.c:403: warning: implicit declaration of function `PyImport_Import'
pyextend.c:413: warning: implicit declaration of function `PyModule_GetDict'
pyextend.c:415: warning: implicit declaration of function `PyDict_GetItemString'
pyextend.c:415: warning: implicit declaration of function `PyCallable_Check'
pyextend.c:420: sizeof applied to an incomplete type
pyextend.c:423: dereferencing pointer to incomplete type
pyextend.c:423: dereferencing pointer to incomplete type
pyextend.c:423: dereferencing pointer to incomplete type
pyextend.c:424: dereferencing pointer to incomplete type
pyextend.c:424: dereferencing pointer to incomplete type
pyextend.c:424: dereferencing pointer to incomplete type
pyextend.c:425: dereferencing pointer to incomplete type
pyextend.c:425: dereferencing pointer to incomplete type
pyextend.c:425: dereferencing pointer to incomplete type
pyextend.c:426: dereferencing pointer to incomplete type
pyextend.c:426: dereferencing pointer to incomplete type
pyextend.c:426: dereferencing pointer to incomplete type
pyextend.c:428: dereferencing pointer to incomplete type
pyextend.c:387: warning: unused variable `tmp'
pyextend.c: In function `pyextend_newstate':
pyextend.c:445: sizeof applied to an incomplete type
pyextend.c:449: dereferencing pointer to incomplete type
pyextend.c:450: dereferencing pointer to incomplete type
pyextend.c:451: dereferencing pointer to incomplete type
pyextend.c:452: dereferencing pointer to incomplete type
pyextend.c:454: dereferencing pointer to incomplete type
pyextend.c:454: dereferencing pointer to incomplete type
pyextend.c:454: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_freestate':
pyextend.c:464: dereferencing pointer to incomplete type
pyextend.c:465: dereferencing pointer to incomplete type
pyextend.c:471: dereferencing pointer to incomplete type
pyextend.c:472: dereferencing pointer to incomplete type
pyextend.c:474: dereferencing pointer to incomplete type
pyextend.c:475: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_connection_start':
pyextend.c:485: `PyObject' undeclared (first use in this function)
pyextend.c:485: `pArgs' undeclared (first use in this function)
pyextend.c:485: `pValue' undeclared (first use in this function)
pyextend.c:485: warning: left-hand operand of comma expression has no effect
pyextend.c:491: dereferencing pointer to incomplete type
pyextend.c:497: dereferencing pointer to incomplete type
pyextend.c:497: dereferencing pointer to incomplete type
pyextend.c:498: dereferencing pointer to incomplete type
pyextend.c:498: dereferencing pointer to incomplete type
pyextend.c:503: warning: implicit declaration of function `PyTuple_New'
pyextend.c:519: warning: implicit declaration of function `PyTuple_SetItem'
pyextend.c:521: dereferencing pointer to incomplete type
pyextend.c:532: dereferencing pointer to incomplete type
pyextend.c: In function `pyextend_connection_end':
pyextend.c:549: dereferencing pointer to incomplete type
pyextend.c:550: dereferencing pointer to incomplete type
pyextend.c:551: `PyObject' undeclared (first use in this function)
pyextend.c:551: `pArgs' undeclared (first use in this function)
pyextend.c:556: dereferencing pointer to incomplete type
pyextend.c:558: dereferencing pointer to incomplete type
make: ** [pyextend.o] Erro 1
[3] Comment posted by tatototino on 23/09/2006 - 02:40h
root@servidor:~# honeyd -p /var/log/honeyd/conf/nmap.prints -f /var/log/honeyd/conf/honeyd.conf -x /var/log/honeyd/conf/xprobe2.conf -a /var/log/honeyd/conf/nmap.assoc
the following appeared:
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[5225]: started with -p /var/log/honeyd/conf/nmap.prints -f /var/log/honeyd/conf/honeyd.conf -x /var/log/honeyd/conf/xprobe2.conf -a /var/log/honeyd/conf/nmap.assoc
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[5225]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0d:87:ef:a2:33
Honeyd starting as background process
[4] Comment posted by renanopel on 19/12/2007 - 11:21h
I also have this last problem. The OSes emulated by honeyd do not have a MAC address, so they cannot have connectivity with other hosts on the network, see (IP 10.0.0.30 is the IP of a template):
# ping 10.0.0.30
PING 10.0.0.30 (10.0.0.30) 56(84) bytes of data.
From 10.0.0.10 icmp_seq=1 Destination Host Unreachable
From 10.0.0.10 icmp_seq=2 Destination Host Unreachable
From 10.0.0.10 icmp_seq=3 Destination Host Unreachable
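As an added example (not from the article, from any commenter, or from the honeyd project): a constructed honeyd.conf in which each template bound to an IP also carries an ethernet (MAC) line, together with a small check that lists templates that are bound but have no MAC. In honeyd 1.x the `set <template> ethernet "<mac>"` directive makes honeyd answer ARP for the virtual host itself; without it, arpd has to be run for those addresses, which is the situation the "Destination Host Unreachable" output above reflects. Template names, MAC addresses and IPs below are made up; the personality strings are the two that appear in the honeyd startup output above.

```shell
#!/bin/sh
# Added example (not from the article or the honeyd project): a hypothetical
# honeyd.conf plus a check for templates that are bound to an IP without an
# ethernet (MAC) line.

# Constructed sample config. "set <template> ethernet" is a real honeyd 1.x
# directive; the MAC and IP values are made up for this example.
SAMPLE_CONF='create windows
set windows personality "Microsoft Windows NT 4.0 SP3"
set windows ethernet "00:00:24:ab:8c:12"
set windows default tcp action reset
add windows tcp port 80 open
bind 10.0.0.30 windows

create os400
set os400 personality "IBM OS/400 V4R2M0"
set os400 default tcp action reset
bind 10.0.0.31 os400
'

# Print the names of templates that are bound to an IP but have no
# "set <name> ethernet" line. Honeyd only answers ARP for a virtual host
# itself when its template has a MAC address (otherwise arpd must be run
# for that IP), so such templates are unreachable from other LAN hosts.
templates_without_mac() {
    conf="$1"
    printf '%s\n' "$conf" | awk '
        $1 == "bind" { bound[$3] = 1 }
        $1 == "set" && $3 == "ethernet" { hasmac[$2] = 1 }
        END {
            for (t in bound) if (!(t in hasmac)) print t
        }'
}

templates_without_mac "$SAMPLE_CONF"
# prints: os400
```

Run the check against your own honeyd.conf by passing its contents (for example `templates_without_mac "$(cat /var/log/honeyd/conf/honeyd.conf)"`); every template it names either needs an ethernet line or an arpd instance covering its IP before other hosts can reach it.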
[5] Comment posted by terranova on 07/04/2009 - 17:29h
Marcelo, your problem is probably on this line pyextend.c:62:20: Python.h: Arquivo ou diretório não encontrado, where it says that the file Python.h was not found.
Install the package that contains this library and try again.
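As an added example, not from any commenter: a shell check that walks the -I directories of a gcc command line (the list used at the bottom is copied from the compile log in comment [2]) and reports whether Python.h is present in any of them. The package names python-dev and python-devel are the usual Debian and Red Hat names for the Python development headers, which is the fix the comment above points at; the exact package name on a given distribution is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): locate Python.h among the -I
# directories that a gcc command was given, so a "Python.h: No such file"
# error can be traced to the directory that should have contained it.

# Print the first -I directory that contains Python.h and return 0;
# return 1 if none of them has it. Non -I arguments are ignored.
find_python_h() {
    for arg in "$@"; do
        case "$arg" in
            -I*)
                dir="${arg#-I}"
                if [ -f "$dir/Python.h" ]; then
                    printf '%s\n' "$dir"
                    return 0
                fi
                ;;
        esac
    done
    return 1
}

# Include directories reproduced from the failing gcc line in comment [2].
if found=$(find_python_h -I. -I./compat -I/usr/include/python2.2 -I/usr/local/include); then
    echo "Python.h found in $found"
else
    # Package names are the usual ones on Debian (python-dev) and
    # Red Hat (python-devel); adjust for your distribution.
    echo "Python.h not found in any -I directory; install the Python development headers (python-dev / python-devel) and rebuild" >&2
fi
```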
[6] Comment posted by romulorocha on 20/03/2010 - 09:55h
Good morning Jefferson, I would like to congratulate you on your work, great article. I would like to know which distribution you are using; I have several friends, some think it is better to do it on UBUNTU, others on OpenBSD, others on Debian, etc. I would like to know which one you used for this project.