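#!/usr/bin/env python
"""HoneyPy - a honeypot for port scans.

Opens a TCP port and bans (via iptables) the source IP of anyone who sends a
TCP segment to that port.  Originally posted by Okjokes, April 7, 2017.

Usage: ./honeypy -p 1337 [-h BIND_ADDR] [-l]
    -p PORT   port to listen on (default 5000)
    -h ADDR   address to bind the listening socket to (default: all)
    -l        log only; do not add iptables rules

Must run as root: it opens a raw IPPROTO_TCP socket and calls iptables.

NOTE(review): the raw socket sees every TCP segment delivered to this host
whose destination port matches, including segments whose source address is
forged.  A third party could therefore cause an arbitrary address (a gateway,
resolver, or the operator's own host) to be blocked.  Deployments that care
about this should only act on completed handshakes (e.g. accept() on the
listening socket and use the peer address), at the cost of missing SYN-only
scans.
"""
from __future__ import print_function

import getopt
import os
import socket
import subprocess
import sys
from struct import unpack

# Struct layouts for the fixed 20-byte IPv4 and TCP headers.
IP_HEADER_FMT = '!BBHHHBBH4s4s'
TCP_HEADER_FMT = '!HHLLBBHHH'
HEADER_LEN = 20
# Only the headers are inspected; 500 bytes comfortably covers both.
RECV_BUFFER = 500
DEFAULT_PORT = 5000

BANNER = [
    "\033[95m /\\ /\\/ __\\",
    " / /_/ / / Honeypy - A HoneyPot for port scans",
    "/ __ / /",
    "\\/ /_/\\____/ \033[0m",
    "Usage: ./honeypy -p 1337\n",
]


def parse_args(argv):
    """Parse command-line options.

    Args:
        argv: argument list without the program name (``sys.argv[1:]``).

    Returns:
        ``(host, port, noblock)``: bind address ('' = all interfaces),
        listening port, and whether blocking is disabled (``-l``).

    Exits with a message on an unknown option or a non-numeric port.
    Note ``-l`` takes no argument; the original spec ``"p:h:l:"`` made it
    consume the following token, so ``-l -p 1337`` silently kept port 5000.
    """
    try:
        ops, _ = getopt.getopt(argv, "p:h:l")
    except getopt.GetoptError as err:
        sys.exit('\033[91m' + str(err) + '\033[0m')
    host, port, noblock = '', DEFAULT_PORT, False
    for opt, val in ops:
        if opt == '-h':
            host = val
        elif opt == '-p':
            try:
                port = int(val)
            except ValueError:
                sys.exit('\033[91mPort must be an integer: ' + val + '\033[0m')
        elif opt == '-l':
            noblock = True
    return host, port, noblock


def parse_tcp_segment(packet):
    """Extract addresses and destination port from a raw IPv4/TCP packet.

    Args:
        packet: bytes as returned by a raw IPPROTO_TCP socket (IPv4 header
            followed by the TCP header).

    Returns:
        ``(src_addr, dst_addr, dst_port)`` with addresses as dotted quads,
        or ``None`` when the packet is too short or its IHL is invalid
        (the original would have raised ``struct.error`` and died).
    """
    if len(packet) < HEADER_LEN:
        return None
    iph = unpack(IP_HEADER_FMT, packet[:HEADER_LEN])
    ihl = iph[0] & 0xF
    if ihl < 5:  # IPv4 header is at least 5 words; anything less is malformed
        return None
    iph_length = ihl * 4
    tcp_header = packet[iph_length:iph_length + HEADER_LEN]
    if len(tcp_header) < HEADER_LEN:
        return None
    tcph = unpack(TCP_HEADER_FMT, tcp_header)
    src_addr = socket.inet_ntoa(iph[8])
    dst_addr = socket.inet_ntoa(iph[9])
    return src_addr, dst_addr, tcph[1]


def block_address(addr):
    """Add an iptables rule dropping all traffic from *addr*.

    Uses ``-I`` rather than the original ``-A`` so the DROP lands at the head
    of INPUT and cannot be shadowed by an earlier ACCEPT rule.  The argument
    list form avoids a shell entirely.

    Returns:
        The iptables exit status (0 on success).
    """
    return subprocess.call(["iptables", "-I", "INPUT", "-s", addr, "-j", "DROP"])


def main():
    """Print the banner, verify root, then watch the raw socket forever."""
    for line in BANNER:
        print(line)
    if os.geteuid() != 0:
        sys.exit('\033[91mScript must be run as root\033[0m')
    host, port, noblock = parse_args(sys.argv[1:])

    # ``ls`` is bound and put into listen but never accept()ed, so the port
    # answers connection attempts while connections sit in the backlog.
    # ``raw`` is what actually observes incoming segments.
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    raw = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    blocked = set()  # avoid inserting a duplicate rule for every segment
    try:
        ls.bind((host, port))
        print('\033[92mStarted on listening on port \033[0m' + str(port))
        ls.listen(5)
        while True:
            packet, _ = raw.recvfrom(RECV_BUFFER)
            parsed = parse_tcp_segment(packet)
            if parsed is None:
                continue
            src_addr, _, dst_port = parsed
            if dst_port != port:
                continue
            print('\033[93mINDAVER DETECTED:\033[0m ', src_addr)
            if noblock or src_addr in blocked:
                continue
            print('Blocking IP...')
            if block_address(src_addr) != 0:
                print('\033[91miptables failed for ' + src_addr + '\033[0m')
            else:
                blocked.add(src_addr)
    except KeyboardInterrupt:
        pass
    finally:
        ls.close()
        raw.close()


if __name__ == "__main__":
    main()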
aelius (April 8, 2017): Recomand folosirea insert-ului in loc de append la iptables, caz in care regula data nu depinde de ordinea celorlalte reguli deja prezente in sistem. De asemenea, ar fi o idee buna sa pui si comment pe regula, pentru a vedea de cine a fost data. Exemplu: os.system("iptables -I INPUT -s " + str(s_addr) + " -j DROP -m comment --comment HoneyPy") Explicatie: -I = Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified. -A = Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. Test: # Inseram regula pentru 158.69.206.85 root@ns:~# iptables -I INPUT -s 158.69.206.85 -j DROP -m comment --comment HoneyPy # Putem verifica rapid toate regulile inserate de Honey (prin intermediul comment-ului) root@ns:~# iptables -L -n -v |grep Honey 0 0 DROP all -- * * 158.69.206.85 0.0.0.0/0 /* HoneyPy */ root@ns:~#