SoHo Honeypot (SIG^2)

Published on September 21, 2007

Author: mboman

Source: slideshare.net

Description

SoHo Honeypot presentation for SIG^2 2005/03/30

SIG^2 SOHO Honeynet

How to get Joe Sixpack to run a honeynet

What we will cover

The history of the project?

Theory of operation

Getting and hacking the hardware

Custom firmware and OpenWRT

VPN

Firewall and routing

Call for participation

History of the project

Officially started 11th January 2005

Real work started beginning of March

Project leader: Michael Boman

Project members: Rick Zhong, Eugene Teo

Project goals

Using cheap off-the-shelf hardware to increase the network size of honeynets

Make use of everyday people's always-on Internet (IE: Cable / ADSL)

Make the system as simple as possible to configure and maintain

Must not interfere with normal Internet usage

Theory of Operation

Use a router running Linux

Open Source = Easy to Customize

Linux has a wide range of already existing tools

Project members are already familiar with Linux

Establish a VPN to central honeynet

Redirect all traffic that should have been dropped by the firewall to central honeynet
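One way the redirection step above could be expressed with iptables, as an added example that is not the project's own configuration. The interface names (vlan1, br0, tun0) and the honeynet address 10.8.0.1 are assumptions, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example, not the project's code: print (without applying) iptables
# rules that hand unsolicited WAN traffic to a honeynet behind a VPN tunnel.
# Interface names and the address below are assumptions for illustration.
WAN_IF="${WAN_IF:-vlan1}"               # assumed WAN interface
LAN_IF="${LAN_IF:-br0}"                 # assumed LAN bridge
TUN_IF="${TUN_IF:-tun0}"                # assumed VPN tunnel device
HONEYNET_IP="${HONEYNET_IP:-10.8.0.1}"  # constructed honeynet tunnel address

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the rule set.
# Rule 1: the nat table only sees the first packet of a connection, so
#   replies to the user's own outbound traffic never reach the DNAT rule.
#   It is appended (-A) so existing port forwards still match first.
# Rules 2-3: let the redirected flow reach the tunnel and its replies return.
# Rules 4-5: containment, inserted first (-I): nothing arriving from the
#   tunnel may reach the LAN or the router itself.
honeynet_rules() {
    valid_ipv4 "$HONEYNET_IP" || { echo "bad HONEYNET_IP" >&2; return 1; }
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -m state --state NEW -j DNAT --to-destination $HONEYNET_IP
iptables -A FORWARD -i $WAN_IF -o $TUN_IF -d $HONEYNET_IP -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -i $TUN_IF -o $LAN_IF -j DROP
iptables -I INPUT -i $TUN_IF -j DROP
EOF
}

honeynet_rules
```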

Choosing hardware

Linksys WRT54G: 125 MHz MIPS CPU, 16 Mb RAM, 4 Mb Flash

Linksys WRT54GS: 125 MHz MIPS CPU, 16 Mb RAM, 8 Mb Flash

Hacking the stock firmware

Using the Linksys “ping” bug to enable boot_wait

;cp${IFS}*/*/nvram${IFS}/tmp/n

;*/n${IFS}set${IFS}boot_wait=on

;*/n${IFS}commit

;*/n${IFS}show>tmp/ping.log

Uploading custom firmware

Configure tftp client

Power cycle the router

Upload the firmware using tftp

First boot

Boot router in failsafe mode

Run the firstboot script to initialize the jffs2 partition

Using ipkg

ipkg update: downloads the list of all available packages

ipkg list: lists all available packages

ipkg install <pkg>: installs a package

ipkg remove <pkg>: removes a package

Installing required software

bridge

zlib

dnsmasq

dropbear

kmod-tun

lzo

openssl

openvpn

interface-wrt

kmod-iptables-extra

iptables-extra

iptables

ntpclient

Current known or suspected issues (aka the ToDo List)

TTL inconsistency

Installation is not as simple as we want

Configuration is not as simple as we want

Call for participation

Developers: C (Applications / Linux kernel); Ash shell script (Web GUI, helpers etc.)

Beta testers: have the required hardware; willing to test new firmware and packages; submit bug reports

Documentation authors

Thank you

Any questions?

Temporary project home

http://proxy.11a.nu/iwfc-soho-honeynet/
