After studying Linux Honeywall for a long time, I would like to share it with you. You will certainly gain a lot from reading this article, and I hope it teaches you more. The host system uses a public IP address, and the guest systems can only use private IP addresses. However, if we install another system that connects to the Internet through bridging (that system becomes a bridge), we can give these guest systems public IP addresses and connect them directly to the Internet through this virtual bridge. This is how we build a self-contained virtual Honeynet. (From "Vmware-based third-generation Virtual Honeynet deployment and attack instance analysis".)
After reading many related papers and translated articles from the BCC of Peking University, I decided to use VMware to build a Honeynet on my notebook.
Preparations:
Laptop: Dell D620 T5600/2 GB RAM/80 GB/GF7300
Required software: VMware Workstation, Roo, Sebek, Windows Server 2003
Platform: Windows XP SP2
Steps:
1. First install VMware Workstation on the host, and then run vmware-config.pl with the default settings. Note which vmnet numbers are used for bridged and host-only networking.
2. Start VMware and create a new VM. Note the following points during creation: the hard disk type must be set to IDE, otherwise it cannot be recognized. You must also create three NICs in order to use the Walleye web interface. We set eth0 to bridged, eth1 to host-only, and eth2 to bridged.
3. Set the CD-ROM to use the specified ISO file: mount the roo image file in the VM, and then start the VM. At this point you only need to press Enter; the installation of Roo is completely automated. After ten minutes, a logon page appears.
4. The default user name of Linux Honeywall is roo and the password is honey. After logging on, use su - to switch to the root user. Of course, don't forget to change the password to a complex one. The first time you log on to Linux Honeywall, the initial configuration mode is displayed. The configuration is as described in "Vmware-based third-generation Virtual Honeynet deployment and attack instance analysis". We can set the Honeypot IP addresses to 192.168.0.55 and 192.168.0.56. (More can be set depending on the number of Honeypots; I set only two because this is a notebook.) However, note that the laptop has only one network card, so we also set the management IP segment to 192.168.0.X. For the three NICs, I set the eth0 IP address to 192.168.0.51, the eth1 IP address to 192.168.0.50, and the eth2 IP address to 192.168.0.52. Remember to write down the IP address and MAC address of eth1 for later use.
5. Create a new VM as the Honeypot. I chose Windows Server 2003 R2. It needs only one NIC; the creation method is not repeated here. Set its IP address to one of the Honeypot addresses configured in Linux Honeywall; I set it to 192.168.0.55. Next, install Sebek. I downloaded the latest Sebek, ran the installer, and then ran configure. Set the packet address to 192.168.0.50, and then write down the MAC address. Remember the random Magic Value, because the Honeywall must use the same Magic Value. When the system restarts, a blue screen may appear (at least it did here; I don't know whether this is specific to my setup). Restart, press F8, and select Last Known Good Configuration; after the system starts, Sebek still works. I started the WEB service and FTP service in IIS on it.
6. By default, Linux Honeywall does not have Walleye enabled. Therefore, as the root user, enter the menu and configure it: Linux Honeywall Configuration -> Remote Management -> Walleye. Save and exit. Then open https://192.168.0.52 in a browser on the host OS.
Because the connection is encrypted with SSL, a prompt asking you to accept will appear. Click accept. The logon page is displayed. The default username is roo and the password is honey. You will then be asked to reset the password. The new password must be strong and contain uppercase and lowercase letters, numbers, and special characters. After these settings, the Honeynet configuration on the notebook is basically complete. For the use and introduction of Walleye, see the Roo Technical Report. This completes the setup. The following is the test.
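The address plan from steps 4 and 5 only works if the Honeywall and Sebek settings agree with each other. The following check is an added example, not part of the original article or of the Honeywall/Sebek tools; the dictionary layout, the MAC address and the Magic Value are constructed placeholders, and it assumes the MAC entered in Sebek is the eth1 MAC noted in step 4.

```python
import ipaddress

# Constructed plan using the addresses from steps 4 and 5.
# The Magic Value and MAC address are placeholders, not values from the article.
HONEYWALL = {
    "network": "192.168.0.0/24",
    "nics": {"eth0": "192.168.0.51", "eth1": "192.168.0.50", "eth2": "192.168.0.52"},
    "eth1_mac": "00:0c:29:00:00:01",
    "honeypot_ips": ["192.168.0.55", "192.168.0.56"],
    "sebek_magic": 1234567,
}
HONEYPOTS = [
    {"name": "win2003", "ip": "192.168.0.55", "sebek_dest_ip": "192.168.0.50",
     "sebek_dest_mac": "00:0C:29:00:00:01", "sebek_magic": 1234567},
]

def check_plan(wall, pots):
    """Return a list of inconsistencies; an empty list means the plan is coherent."""
    problems = []
    net = ipaddress.ip_network(wall["network"])
    owner = {}  # ip -> first label that claimed it
    claims = list(wall["nics"].items()) + [(p["name"], p["ip"]) for p in pots]
    for label, ip in claims:
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{label}: {ip} is outside {net}")
        if ip in owner:
            problems.append(f"{label}: {ip} is already used by {owner[ip]}")
        owner.setdefault(ip, label)
    for p in pots:
        # The Honeywall only treats addresses it was told about as Honeypots.
        if p["ip"] not in wall["honeypot_ips"]:
            problems.append(f"{p['name']}: {p['ip']} is not declared on the Honeywall")
        # Sebek must send its packets to the eth1 address written down in step 4.
        if p["sebek_dest_ip"] != wall["nics"]["eth1"]:
            problems.append(f"{p['name']}: Sebek destination IP is not eth1")
        if p["sebek_dest_mac"].lower() != wall["eth1_mac"].lower():
            problems.append(f"{p['name']}: Sebek destination MAC is not eth1's MAC")
        # Both sides need the same Magic Value (step 5).
        if p["sebek_magic"] != wall["sebek_magic"]:
            problems.append(f"{p['name']}: Sebek Magic Value differs from the Honeywall")
    return problems

if __name__ == "__main__":
    for line in check_plan(HONEYWALL, HONEYPOTS) or ["plan is consistent"]:
        print(line)
```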
For more information, see:
"Vmware-based third-generation Virtual Honeynet deployment and attack instance analysis", "Learning with VMware", roo_cdrom_user_manual, and the Roo technical reports. All of them can be obtained from http://www.icst.pku.edu.cn/honeynetweb/honeynetcn. If you need to, you can also join their email list to discuss the technology (although now, I don't know why, there are always people posting advertisements there, which is very bad). Of course, the official http://www.honeynet.org is also worth visiting. The above is an introduction to a virtual Linux Honeywall.