SoHo Honeypot (SIG^2)

SIG2 SOHO Honeynet

How to get Joe Sixpack to run a honeynet

What we will cover

The history of the project?

Theory of operation

Getting and hacking the hardware

Custom firmware and OpenWRT

VPN

Firewall and routing

Call for participation

History of the project

Officially started 11th January 2005

Real work started beginning of March

Project leader:

Michael Boman

Project members:

Rick Zhong

Eugene Teo

Project goals

Using cheap off-the-shelf hardware to increase the network size of honeynets

Make use of everyday people's always-on Internet connections (i.e. cable / ADSL)

Make the system as simple as possible to configure and maintain

Must not interfere with normal Internet usage

Theory of Operation

Use a router running Linux

Open Source = Easy to Customize

Linux has a wide range of already existing tools

Project members are already familiar with Linux

Establish a VPN to central honeynet

Redirect all traffic that should have been dropped by the firewall to central honeynet
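The redirect step above, as an added example that is not the project's own firmware script: a busybox-ash-compatible iptables setup for the router that leaves LAN-initiated traffic and the OpenVPN tunnel alone, keeps the router's own WAN-side services reachable, and hands every other new inbound connection to the central honeynet through the tunnel. The interface names (vlan1, br0, tun0), the honeynet address 10.0.0.2, the VPN server address and port, and dropbear on port 22 are assumptions, not values from the slides.

```shell
#!/bin/sh
# Added example, not the SIG^2 project's own script: iptables rules for the
# "redirect what the firewall would have dropped" design on an OpenWrt router.
# Assumed (not from the slides): WAN=vlan1, LAN=br0, TUN=tun0 (OpenVPN),
# HONEYPOT=10.0.0.2 reachable through the tunnel, VPN_SERVER=192.0.2.10:1194,
# and dropbear on port 22 as the only service the router serves on the WAN.
WAN=${WAN:-vlan1}
LAN=${LAN:-br0}
TUN=${TUN:-tun0}
HONEYPOT=${HONEYPOT:-10.0.0.2}
VPN_SERVER=${VPN_SERVER:-192.0.2.10}
VPN_PORT=${VPN_PORT:-1194}
ALLOWED_TCP=${ALLOWED_TCP:-22}
IPT=${IPT:-iptables}   # IPT="echo iptables" prints the rules instead of loading them

honeynet_rules() {
    # The nat table only sees the first packet of a connection, so replies to
    # LAN-initiated traffic (normal Internet usage) are never redirected.
    # The OpenVPN tunnel itself must never be handed to the honeynet.
    $IPT -t nat -A PREROUTING -i "$WAN" -p udp -s "$VPN_SERVER" --sport "$VPN_PORT" -j ACCEPT
    # Services the router deliberately exposes on the WAN side stay reachable.
    for p in $ALLOWED_TCP; do
        $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$p" -j ACCEPT
    done
    # Everything else arriving from the WAN would have been dropped: DNAT it to
    # the central honeynet, keeping the real source address for the honeypot.
    $IPT -t nat -A PREROUTING -i "$WAN" -j DNAT --to-destination "$HONEYPOT"
    # Let redirected flows into the tunnel and their replies back out. Assumes
    # the central honeynet routes replies into the tunnel they arrived from.
    $IPT -A FORWARD -i "$WAN" -o "$TUN" -d "$HONEYPOT" -j ACCEPT
    $IPT -A FORWARD -i "$TUN" -o "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The honeynet side must never be able to open connections into the home LAN.
    $IPT -A FORWARD -i "$TUN" -o "$LAN" -j DROP
}

# Load the rules only when explicitly asked, so the file can be sourced safely.
if [ "${HONEYNET_APPLY:-0}" = 1 ]; then
    honeynet_rules
fi
```

Run it with `IPT="echo iptables" sh -c '. ./honeynet.sh; honeynet_rules'` to review the rule order before loading it on the router; the route to the honeynet address must already point into tun0 (pushed by the OpenVPN server).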

Choosing hardware

Linksys WRT54G

125 MHz MIPS CPU

16 MB RAM

4 MB flash

Linksys WRT54GS

125 MHz MIPS CPU

16 MB RAM

8 MB flash

Hacking the stock firmware

Using the Linksys ping bug to enable boot_wait

;cp${IFS}*/*/nvram${IFS}/tmp/n

;*/n${IFS}set${IFS}boot_wait=on

;*/n${IFS}commit

;*/n${IFS}show>tmp/ping.log

Uploading custom firmware

Configure tftp client

Power cycle the router

Upload the firmware using tftp

First boot

Boot router in failsafe mode

Run the firstboot script to initialize the jffs2 partition

Using ipkg

ipkg update

Downloads the list of all available packages

ipkg list

List all available packages

ipkg install

Installs a package

ipkg remove

Removes a package

Installing required software

bridge

zlib

dnsmasq

dropbear

kmod-tun

lzo

openssl

openvpn

interface-wrt

kmod-iptables-extra

iptables-extra

iptables

ntpclient

Current known or suspected issues (aka the ToDo list)

TTL inconsistency

Installation is not as simple as we want

Configuration is not as simple as we want

Call for participation

Developers

C (Applications / Linux kernel)

Ash shell script (Web GUI, helpers etc)

Beta testers

Have the required hardware

Willing to test new firmware and packages

Submit bug reports

Documentation authors

Thank you

Any questions?

Temporary project home

http://proxy.11a.nu/iwfc-soho-honeynet/