Published by Naomi Parsons. Modified over 10 years ago.
1
Babby's First Honeypot, or Getting Worms for < $50. Noah Nadeau.
2
Setup: Prerequisites

Hardware:
- Raspberry Pi B+ (case optional)
- High-speed 16 GB microSD card (logs can get big)
- 1.0 A micro USB power supply
- Cat 5(e) cable
- HDMI cable and USB keyboard (for initial configuration)

Installation prerequisites:
- Workstation with an SD card reader (alternatively, buy a microSD card with the distro pre-installed)
- An installed Linux distro (native or LiveCD) to write the card from; Bootice might also work
- The Raspbian distro image
3
Raspberry Pi Honeypot: What's Needed
4
Raspbian: the plan

- Image: download the stripped-down Linux distro (Raspbian); image it to the microSD card using dd
- Config: run through raspi-config
- Updates: run the update/upgrade commands; final modifications
- Installation: install nepenthes / thpot / dionaea
- Follow-up: wait; view logs
5
Raspbian Installation, Part 1

Download the Raspbian image from http://www.raspberrypi.org/downloads/

Use dd to image it to the microSD card:

dd if={image location} of={sd card slot in /dev/} bs=512K

of= must name the whole card (the device, not a partition on it), and dd will silently overwrite whatever device you point it at, so check the name twice before pressing Enter.

Validate the image: compare the download against the checksum published on the downloads page, and run sync before pulling the card so the write has actually completed.

Note: (g)parted will have issues viewing the created partitions (particularly the boot sector) prior to a system restart.
6
Raspbian Installation, Part 2: raspi-config

Connect peripherals (HDMI, keyboard, Cat 5) and power on. Connect to the network, find the Pi's IP and SSH in, then run raspi-config.

First-time installation notes:
- Expand Filesystem
- Internationalisation Options (thanks Obama): change Locale, Timezone, and Keyboard Layout
- Change Password: do this *after* changing the keyboard layout, or you may set a password you cannot type back. The default pi:raspberry login is well known, and this box is about to be exposed on purpose.
- Boot to Desktop / Scratch: leave it as command line
7
Raspbian Installation, Part 3: Final Updates

Run your standard update commands:

apt-get update
apt-get upgrade
apt-get autoclean
apt-get autoremove

Optional: remove unused packages (Scratch, others...).
8
tinyhoneypot: a simple, low-configuration honeypot

Basic steps, as documented:

# mkdir /var/log/hpot
# chown nobody:nobody /var/log/hpot
# chmod 700 /var/log/hpot
# ./iptables.rules
# cp ./xinetd.d/* /etc/xinetd.d/
# service portmap restart
# pmap_set < /usr/local/thp/fakerpc
# service xinetd restart
9
tinyhoneypot, take 2: dependent on portmap and xinetd

The documented steps do not survive contact with Raspbian. On Debian-based systems the nobody user's group is nogroup, not nobody, and wheezy ships rpcbind in place of portmap; the log directory that ended up in use here is /var/log/thpot. What actually worked:

# chown nobody:nogroup /var/log/thpot
# chmod 700 /var/log/thpot
# ./iptables.rules
# cp ./xinetd.d/* /etc/xinetd.d/
# service rpcbind restart
# pmap_set < /usr/local/thp/fakerpc
# service xinetd restart

FFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUUU
10
Nepenthes, take 2

Nepenthes has been replaced by dionaea. Debian install instructions: http://dionaea.carnivore.it/#compiling
11
Dionaea dry run: Kali

A DEV installation on Kali works fine:

./configure --with-lcfg-include=/opt/dionaea/include/ \
  --with-lcfg-lib=/opt/dionaea/lib \
  --with-python=/opt/dionaea/bin/python3.2 \
  --with-cython-dir=/opt/dionaea/bin \
  --with-udns-include=/opt/dionaea/include/ \
  --with-udns-lib=/opt/dionaea/lib \
  --with-emu-include=/opt/dionaea/include/ \
  --with-emu-lib=/opt/dionaea/lib/ \
  --with-gc-include=/usr/include/gc \
  --with-ev-include=/opt/dionaea/include \
  --with-ev-lib=/opt/dionaea/lib \
  --with-nl-include=/usr/include \
  --with-nl-lib=/usr/lib \
  --with-curl-config=/usr/bin/ \
  --with-pcap-include=/opt/dionaea/include \
  --with-pcap-lib=/opt/dionaea/lib/
make
make install
12
Dionaea on Raspbian
13
Dionaea on Raspbian: lessons learned

- A Kali VM on x86_64 is not Raspbian on ARM.
- Additional packages needed: libffi-dev, gettext
- The GLib version must be <= 2.32. Raspbian runs GLib 2.40, and the changes in between break dionaea; Kali runs 2.32 or older.
- GLib 2.40 introduced its own g_info macro, which collides with the g_info that dionaea defines for itself, and dionaea still calls g_thread_init and g_mutex_new, which newer GLib deprecates.
- Even with changes to the source, compiling is broken.
14
Dionaea, take 3: prebuilt ARM packages

dionaea ARM packages are available from a different source (thanks Yerry Pi). Add the repository to /etc/apt/sources.list:

deb http://packages.s7t.de/raspbian wheezy main

Then:

apt-get update
apt-get install libglib2.0-dev libssl-dev libcurl4-openssl-dev libreadline-dev libsqlite3-dev libtool automake autoconf build-essential subversion git-core flex bison pkg-config libnl-3-dev libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev liblcfg libemu libev dionaea-python dionaea-cython libpcap udns dionaea

Caveat: this is a third-party repository fetched over plain http, and no signing key is added, so apt cannot authenticate these packages; you are installing whatever that host serves on a box you are about to expose deliberately. Make that trust decision consciously, and keep the honeypot segmented from anything you care about.
15
Dionaea configuration

cp /opt/dionaea/etc/dionaea.conf.dist /opt/dionaea/etc/dionaea.conf
chown nobody:nogroup /opt/dionaea/ -R
/opt/dionaea/bin/dionaea -u nobody -g nogroup -r /opt/dionaea -w /opt/dionaea -p /opt/dionaea/var/dionaea.pid -l all,-debug -L '*' -D

-u/-g drop privileges to nobody:nogroup after the listeners are bound, -r chroots into the prefix, -w sets the working directory, -p the pid file, -l all,-debug logs everything except debug, -L '*' enables every log domain, and -D daemonizes.

Note that chown -R hands the entire prefix, binaries and config included, to the unprivileged service account. The service only needs to write under var/; leaving bin/ and etc/ owned by root means a compromised dionaea process cannot quietly rewrite its own binary or configuration.

Then edit /opt/dionaea/readlogsqltree and change its first line (the shebang) to:

#!/opt/dionaea/bin/python3.2
16
Dionaea: The Payoff...
17
Dionaea: Access Attempts (figure)
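The slide above shows the log output that makes the whole exercise worthwhile. The following is an added example, not part of the talk and not dionaea's own tooling (dionaea ships readlogsqltree for this): a small script that answers the questions a practitioner asks of a honeypot database. Assumptions, also marked in the code: the table and column names follow dionaea's logsql module (connections, logins, mssql_commands) as I remember them, and the default database path under the talk's /opt/dionaea prefix is var/dionaea/logsql.sqlite; check the schema with sqlite3 .schema if yours differs. The sample rows are constructed for the demo, not captured traffic, and trace the timeline the talk reports later: a first probe 90 minutes after deployment and an MSSQL attack 14 hours in.

```python
"""Summarize what a dionaea honeypot has logged (added example, not dionaea code)."""
import sqlite3
from datetime import timedelta

# Assumed default location under the /opt/dionaea prefix used in the slides.
DEFAULT_DB = "/opt/dionaea/var/dionaea/logsql.sqlite"

# Assumed logsql schema; only the columns touched below matter.
SCHEMA = """
CREATE TABLE connections (
    connection INTEGER PRIMARY KEY, connection_type TEXT, connection_transport TEXT,
    connection_protocol TEXT, connection_timestamp INTEGER, connection_root INTEGER,
    connection_parent INTEGER, local_host TEXT, local_port INTEGER,
    remote_host TEXT, remote_hostname TEXT, remote_port INTEGER);
CREATE TABLE logins (
    login INTEGER PRIMARY KEY, connection INTEGER, login_username TEXT, login_password TEXT);
CREATE TABLE mssql_commands (
    mssql_command INTEGER PRIMARY KEY, connection INTEGER,
    mssql_command_status TEXT, mssql_command_cmd TEXT);
"""

# Constructed timeline: deployment at T0, a scan 90 minutes later, an MSSQL
# brute force plus xp_cmdshell 14 hours later, more SMB noise after that.
T0 = 1398945600            # constructed deployment time (epoch seconds)
HOUR = 3600
SAMPLE_CONNECTIONS = [     # connection, type, transport, protocol, ts, local_port, remote_host, remote_port
    (1, "accept", "tcp", "smbd",   T0 + 90 * 60,       445,  "192.0.2.10",   51234),
    (2, "accept", "tcp", "httpd",  T0 + 91 * 60,       80,   "192.0.2.10",   51235),
    (3, "accept", "tcp", "mssqld", T0 + 14 * HOUR,     1433, "198.51.100.7", 40001),
    (4, "accept", "tcp", "mssqld", T0 + 14 * HOUR + 5, 1433, "198.51.100.7", 40002),
    (5, "accept", "tcp", "smbd",   T0 + 20 * HOUR,     445,  "203.0.113.9",  33333),
]
SAMPLE_LOGINS = [(1, 3, "sa", ""), (2, 3, "sa", "sa"), (3, 4, "sa", "Password1")]
SAMPLE_MSSQL_COMMANDS = [(1, 4, "ok", "exec master..xp_cmdshell 'net user hack hack /add'")]


def build_sample_db():
    """In-memory database filled with the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO connections VALUES (?,?,?,?,?,NULL,NULL,'10.0.0.5',?,?,NULL,?)",
                   SAMPLE_CONNECTIONS)
    db.executemany("INSERT INTO logins VALUES (?,?,?,?)", SAMPLE_LOGINS)
    db.executemany("INSERT INTO mssql_commands VALUES (?,?,?,?)", SAMPLE_MSSQL_COMMANDS)
    db.commit()
    return db


def top_remote_hosts(db, n=5):
    """Noisiest sources as [(remote_host, count)]; 'listen' rows are our own sockets, so skip them."""
    return db.execute(
        "SELECT remote_host, COUNT(*) AS c FROM connections WHERE connection_type = 'accept' "
        "GROUP BY remote_host ORDER BY c DESC, remote_host ASC LIMIT ?", (n,)).fetchall()


def attempts_by_service(db):
    """{emulated service: accepted connections}, i.e. which listeners actually get hit."""
    return dict(db.execute(
        "SELECT connection_protocol, COUNT(*) FROM connections "
        "WHERE connection_type = 'accept' GROUP BY connection_protocol").fetchall())


def time_to_first(db, deployed_at, protocol=None):
    """Delay from deployment to the first accepted connection (optionally for one service); None if none yet."""
    sql = "SELECT MIN(connection_timestamp) FROM connections WHERE connection_type = 'accept'"
    args = ()
    if protocol is not None:
        sql += " AND connection_protocol = ?"
        args = (protocol,)
    (ts,) = db.execute(sql, args).fetchone()
    return None if ts is None else timedelta(seconds=ts - deployed_at)


def harvested_credentials(db):
    """Username/password pairs attackers tried; useful as a blocklist and as a sense of the wordlists in use."""
    return db.execute("SELECT login_username, login_password FROM logins ORDER BY login").fetchall()


def command_execution_attempts(db, marker="xp_cmdshell"):
    """MSSQL commands that try to break out of SQL into the OS, joined to the source address."""
    return db.execute(
        "SELECT m.connection, c.remote_host, m.mssql_command_cmd FROM mssql_commands m "
        "JOIN connections c ON c.connection = m.connection "
        "WHERE lower(m.mssql_command_cmd) LIKE ? ORDER BY m.mssql_command",
        ("%" + marker.lower() + "%",)).fetchall()


def report(db, deployed_at):
    return "\n".join([
        "top sources:         %s" % top_remote_hosts(db),
        "by service:          %s" % attempts_by_service(db),
        "first probe after:   %s" % time_to_first(db, deployed_at),
        "first mssql after:   %s" % time_to_first(db, deployed_at, "mssqld"),
        "credentials tried:   %s" % harvested_credentials(db),
        "os command attempts: %s" % command_execution_attempts(db),
    ])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:   # usage: report.py /path/to/logsql.sqlite <deployment epoch seconds>
        print(report(sqlite3.connect(sys.argv[1]), int(sys.argv[2])))
    else:                   # no arguments: run on the constructed sample rows
        print(report(build_sample_db(), T0))
```

Run it with no arguments to see the demo report, or point it at the real database (copy the file first; dionaea holds it open) together with the epoch time you deployed, and the "first probe after" line gives you the number the talk quotes from memory. Filtering on connection_type = 'accept' matters: dionaea also logs a row per listening socket, and counting those as attacks inflates every number.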
19
Dionaea: lessons learned

Technical:
- Found 3 rogue systems at work with the DEV Kali deployment alone: 2 on the LAN, 1 at HQ.
- First probe on PROD within 90 minutes of setting it up. First active attack 14 hours later (MSSQL).

Academic: going the long way around, you will learn (and remember) more about C/C++ and makefiles than you wish you could.

Social: when playing Crash and Compile, 1) do it with your own source code; 2) don't try to beat your old score.
20
MSSQL attack: http://pastebin.com/4dkmukPp
21
Dionaea next steps: possible improvements

- Install Vagrant / MHN for replication and centralized control
- Add p0f for passive remote machine identification
- Understand bistreams (dionaea's per-connection captures of both directions of the conversation); locate the pcaps
- Extend for HTTP
- What to do with this information?
22
References / Additional Reading

- Dionaea homepage: http://dionaea.carnivore.it/
- Nathan Yee, Deploying Dionaea on a Raspberry Pi: https://github.com/threatstream/mhn/wiki/Deploying-Dionaea-on-a-Raspberry-Pi
- Yerry Pi, Dionaea on Raspberry Pi: http://droidtoo.blogspot.com/2013/05/setting-up-dionaea-on-raspberry-pi.html

In ur networks, nabbing ur exploits
23
Questions?