Creating a Honeyd Runtime Batch File

Chapter 6 - Honeyd Configuration
Honeypots for Windows
by Roger A. Grimes
Apress 2005

Because it is difficult to remember and type in all the appropriate syntax at runtime, Honeyd administrators often create a batch file that includes their desired command-line options. Listing 6-1 shows how to create a batch file called Honeyd.bat that executes Honeyd with its common runtime options (the ones shown in the previous example of a runtime Honeyd command):

Listing 6.1: Sample Honeyd.bat File

    @echo off
    Rem HONEYD.BAT-batch file to execute Honeyd with its common runtime options.
    cls
    honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config -i 2 -l c:\Honeyd\log\honeyd.log 10.0.0.0/8

Caution 

When using a batch file to execute Honeyd, make sure you type in the .bat file extension so the correct file executes. I’ve seen honeypot administrators troubleshooting runtime problems for over an hour, only to find out they were running Honeyd.exe, without any command-line parameters, instead of the intended Honeyd.bat file.

It is common for the batch file to contain several different runtime configurations, each pointing to different configuration files and log files. For example, one configuration may create a honeynet full of Windows Server 2003 computers, another configuration can create a collection of Exchange Server computers, and yet another configuration might show a single legacy Windows NT 4.0 system running IIS 4. Listing 6-2 shows how to create a Honeyd.bat file with different runtime configurations.

Listing 6.2: A Honeyd.bat Configuration File with Multiple Runtime Configurations

    @echo off
    Rem HONEYD.BAT-batch file to execute Honeyd with its common runtime values.
    cls

    rem This Honeyd configuration sets up a network of Windows Server 2003 computers
    echo.
    echo Honeyd Honeynet-Windows Server 2003 computers
    echo.
    honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config -i 2 -l c:\Honeyd\log\honeyd.log 10.0.0.0/8

    rem This Honeyd configuration sets up a network of Exchange Server 2003 computers
    rem echo.
    rem echo Honeyd Honeynet-Exchange Server 2003 computers
    rem echo.
    rem honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config2 -i 2 -l c:\Honeyd\log\honeyd2.log 10.0.0.0/8

    rem This Honeyd configuration sets up a Windows NT Server with IIS 4
    rem echo.
    rem echo Honeyd Honeynet-Windows NT 4 Server with IIS 4
    rem echo.
    rem honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config3 -i 2 -l c:\Honeyd\log\honeyd3.log 10.0.0.1/8

Using a batch file like this lets you make quick configuration changes on the fly. You can easily remark (rem) and unremark different lines to get the desired setup.

With the runtime batch file covered, let’s turn to the Honeyd configuration file.

Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119