
Lab-Project 11: yesman--Scanner Honeypot with scapy

What you need

  • A Kali Machine, real or virtual, to act as the Target machine.
  • Any other computer to act as the Scanner machine. I used another Kali virtual machine.
  • A quiet network to work in--I recommend using NAT mode in VMware so the only network traffic you see is between your own two VMs.

Purpose

This script acts as a simple honeypot. It answers every SYN with a SYN/ACK. That will make port scans useless, as every port appears open.

I think if you run the interface in promiscuous mode, this script will defend a whole network, answering every SYN no matter what IP address it is directed to.

In order to make this script practical, you will need to add code to stop responding to any IP address & port combination that you are actually using. Otherwise this script will DoS your own network.

Finding the IP Address of the Target Machine

On the Target Machine, open a Terminal window (if you are using Ubuntu, click Applications, Accessories, Terminal).

On the Target Machine, in the Terminal window, execute the ifconfig command. Make a note of your IP address for later reference.

Blocking RST Packets on the Target Machine

As before, you must block RST packets with iptables.

On the Target Machine, open a Terminal window. In the Terminal window, execute this command:

    iptables -L

If you see a rule in the OUTPUT section that drops RST packets, as shown below on this page, your firewall is correctly configured.

If the rule is not there, execute this command to add it:

    iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
Sniffing a Packet in scapy

On the Target Machine, in scapy, enter these commands:

    scapy
    sniff(count=1)

Scapy sniffs a packet and shows you a summary of what it captured, as shown below on this page.
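
The Purpose section says a practical version must stop responding for any IP address and port combination that is actually in use. One way to add that check, as an added example that is not the lab's own script: the IN_USE addresses and ports are constructed sample values, and the function names are assumptions.

```python
import random

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample: (IP, port) pairs that carry real services on the Target
# machine. The honeypot must stay silent for these or it will break them.
IN_USE = {("192.168.119.130", 22), ("192.168.119.130", 80)}


def is_bare_syn(flags):
    """True for a connection-opening SYN (SYN set, ACK clear)."""
    return flags & (SYN | ACK) == SYN


def should_answer(dst_ip, dst_port, flags, in_use=IN_USE):
    """Answer only bare SYNs aimed at an (IP, port) that is not in real use."""
    return is_bare_syn(flags) and (dst_ip, dst_port) not in in_use


def synack_fields(src_ip, dst_ip, sport, dport, seq, isn=None):
    """Header fields of the SYN/ACK reply: addresses and ports swapped,
    ack = peer's seq + 1 (mod 2**32), and our own initial sequence number."""
    if isn is None:
        isn = random.getrandbits(32)
    return {"src": dst_ip, "dst": src_ip, "sport": dport, "dport": sport,
            "flags": "SA", "seq": isn, "ack": (seq + 1) % 2**32}


def run(iface=None):
    """Sniff TCP packets and answer qualifying SYNs. Needs root and scapy."""
    # Imported here so the helper functions above work without scapy installed.
    from scapy.all import IP, TCP, send, sniff

    def handle(pkt):
        if not (pkt.haslayer(IP) and pkt.haslayer(TCP)):
            return
        ip, tcp = pkt[IP], pkt[TCP]
        if should_answer(ip.dst, tcp.dport, int(tcp.flags)):
            f = synack_fields(ip.src, ip.dst, tcp.sport, tcp.dport, tcp.seq)
            send(IP(src=f["src"], dst=f["dst"]) /
                 TCP(sport=f["sport"], dport=f["dport"], flags=f["flags"],
                     seq=f["seq"], ack=f["ack"]), verbose=False)

    sniff(iface=iface, filter="tcp", prn=handle, store=False)


if __name__ == "__main__":
    run()
```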