SoHo Honeypot (SIG^2)

SoHo Honeypot presentation for SIG^2 2005/03/30

Published in: Technology

Transcript

  • 1. SIG^2 SOHO Honeynet
      • How to get Joe Sixpack to run a honeynet
  • 2. What we will cover
    • The history of the project
    • Theory of operation
    • Getting and hacking the hardware
    • Custom firmware and OpenWRT
    • VPN
    • Firewall and routing
    • Call for participation
  • 3. History of the project
    • Officially started 11th January 2005
    • Real work started beginning of March
    • Project leader:
      • Michael Boman
    • Project members:
      • Rick Zhong
      • Eugene Teo
  • 4. Project goals
    • Using cheap off-the-shelf hardware to increase the network size of honeynets
    • Make use of everyday people's always-on Internet (i.e. cable / ADSL)
    • Make the system as simple as possible to configure and maintain
    • Must not interfere with normal Internet usage
  • 5. Theory of Operation
    • Use a router running Linux
      • Open Source = Easy to Customize
      • Linux has a wide range of already existing tools
      • Project members are already familiar with Linux
    • Establish a VPN to central honeynet
    • Redirect all traffic that should have been dropped by the firewall to central honeynet
  • 6. Choosing hardware
    • Linksys WRT54G
      • 125 MHz MIPS CPU
      • 16 Mb RAM
      • 4 Mb Flash
    • Linksys WRT54GS
      • 125 MHz MIPS CPU
      • 16 Mb RAM
      • 8 Mb Flash
  • 7. Hacking the stock firmware
    • Using the Linksys “ping” bug to enable boot_wait
        • ;cp${IFS}*/*/nvram${IFS}/tmp/n
        • ;*/n${IFS}set${IFS}boot_wait=on
        • ;*/n${IFS}commit
        • ;*/n${IFS}show>tmp/ping.log
  • 8. Uploading custom firmware
    • Configure tftp client
    • Power cycle the router
    • Upload the firmware using tftp
  • 9. First boot
    • Boot router in failsafe mode
    • Run the firstboot script to initialize the jffs2 partition
  • 10. Using ipkg
    • ipkg update
      • Downloads the list of all available packages
    • ipkg list
      • List all available packages
    • ipkg install <pkg>
      • Installs a package
    • ipkg remove <pkg>
      • Removes a package
  • 11. Installing required software
    • bridge
    • zlib
    • dnsmasq
    • dropbear
    • kmod-tun
    • lzo
    • openssl
    • openvpn
    • interface-wrt
    • kmod-iptables-extra
    • iptables-extra
    • iptables
    • ntpclient
  • 12. Current known or suspected issues (aka the ToDo List)
    • TTL inconsistency
    • Installation is not as simple as we want
    • Configuration is not as simple as we want
  • 13. Call for participation
    • Developers
      • C (Applications / Linux kernel)
      • Ash shell script (Web GUI, helpers etc)
    • Beta testers
      • Have the required hardware
      • Willing to test new firmware and packages
      • Submit bug reports
    • Documentation authors
  • 14. Thank you
    • Any questions?
  • 15. Temporary project home
    • http://proxy.11a.nu/iwfc-soho-honeynet/
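
The redirect from slide 5 (traffic the firewall would have dropped goes to the central honeynet over the VPN) without disturbing normal Internet use (slide 4), as an added example that is not the project's own firmware code: a POSIX sh helper that prints the iptables rules. The chain name `honeynet`, the interface names `vlan1` and `tun0`, the address 10.8.0.1 and the exempt ports are assumptions.

```shell
#!/bin/sh
# Added example (not the project's firmware code). After sourcing this file:
#   honeynet_rules vlan1 tun0 10.8.0.1 "22" | sh
# All names, addresses and ports here are assumptions.

valid_if() {   # interface names only; output is meant to be piped to sh
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_ip() {   # dotted-quad IPv4, each octet 0..255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# honeynet_rules WAN_IF TUN_IF HONEYNET_IP "LOCAL_TCP_PORTS"
honeynet_rules() {
    wan_if=$1; tun_if=$2; honeynet_ip=$3; local_ports=$4
    # Validate everything first so a bad argument never yields a partial rule set.
    valid_if "$wan_if" && valid_if "$tun_if" || { echo "bad interface" >&2; return 2; }
    valid_ip "$honeynet_ip" || { echo "bad honeynet address" >&2; return 2; }
    for port in $local_ports; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    done

    # The nat table sees only the first packet of a connection, so replies to
    # the LAN's own outbound connections never reach this chain.
    echo "iptables -t nat -N honeynet"
    # TCP services the owner really runs on the WAN side stay local.
    for port in $local_ports; do
        echo "iptables -t nat -A honeynet -p tcp --dport $port -j RETURN"
    done
    # Everything else unsolicited is handed to the honeynet instead of dropped.
    echo "iptables -t nat -A honeynet -j DNAT --to-destination $honeynet_ip"
    # Appended, so port forwards already in PREROUTING match first.
    echo "iptables -t nat -A PREROUTING -i $wan_if -j honeynet"
    # Let the redirected flows cross the router into and out of the tunnel.
    echo "iptables -A FORWARD -i $wan_if -o $tun_if -d $honeynet_ip -j ACCEPT"
    echo "iptables -A FORWARD -i $tun_if -o $wan_if -s $honeynet_ip -m state --state ESTABLISHED,RELATED -j ACCEPT"
}
```

Because the DNAT keeps the original source address, this sketch assumes the central honeynet routes its replies back through the same tunnel so the router can reverse the translation.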
