Authors
Luis Wong <-> lwong@mpsnet.net.mx
Shawn Wallis <-> swallis@ittc.ukans.edu
revision 0.2-3
http://lwong.mpsnet.net.mx
http://sourceforge.net/projects/single-honeypot
Single Honey-pot, based on:
# tiny honeypot version 0.4.3-2
# Copyright George Bakos - alpinista@bigfoot.com
# July 23, 2002
# This is free software, released under the terms of the GNU General
# Public License available at http://www.gnu.org
To install, you only need to run:
./install.sh
That's all.
Available targets: shell, smtp, ftp, http, pop3
portmap
I wanted to register every service imaginable with the portmapper, but didn't like the idea of actually running the daemons necessary and relying on the firewall to keep the beasties at bay (some dweeb's voice in my ear kept saying, "defense in depth.") I was going to bang on the sources to portmapper and hardcode everything from /etc/rpc into there, but after I pulled the tarball down, I started reading and saw that pmap_dump and pmap_set would do it all. Cool. Thanks Wietse.
The fakerpc here is derived from RedHat Linux 7.1, Irix 5.3, and Solaris 8's /etc/rpc files, and then built to include lines for versions 1-4 of each rpc program, via both udp and tcp. Start portmapper as normal, but instead of firing up rpc programs, just execute:
pmap_set < /usr/local/thp/fakerpc
There's a 1:1 chance that this will break your existing legit rpc services. If you are running rpc services on your firewall/hpot, you should go hang out with those non-IDS types above.
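An added example (not code from single-honeypot or thp): building a fakerpc-style list from an /etc/rpc-format file, versions 1-4 over tcp and udp, and listing which entries collide with registrations already reported by pmap_dump, which is the breakage the paragraph above warns about. The function names, the sample data and port 32771 are assumptions; the page does not say which port fakerpc registers.

```shell
#!/bin/sh
# Added example; names, sample data and the port are assumptions.

# Constructed sample in /etc/rpc layout: name, program number, aliases.
sample_rpc() {
cat <<'EOF'
# constructed sample, /etc/rpc layout
portmapper	100000	portmap sunrpc
nfs		100003	nfsprog
mountd		100005	mount showmount   # trailing comment
EOF
}

# Constructed sample of pmap_dump output: program version protocol port name.
sample_dump() {
cat <<'EOF'
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
EOF
}

# gen_fakerpc PORT < rpc-file
# Emits one line per program for versions 1-4, over tcp and udp.
gen_fakerpc() {
    awk -v port="$1" '
        { sub(/#.*/, "") }                      # strip comments, fields re-split
        NF >= 2 && $2 ~ /^[0-9]+$/ {
            for (v = 1; v <= 4; v++) {
                printf "%s %d tcp %s %s\n", $2, v, port, $1
                printf "%s %d udp %s %s\n", $2, v, port, $1
            }
        }'
}

# list_conflicts FAKERPC DUMP
# Prints fake entries whose (program, version, protocol) is already registered.
list_conflicts() {
    awk 'NR == FNR { live[$1 "/" $2 "/" $3] = $4; next }
         ($1 "/" $2 "/" $3) in live {
             printf "%s v%s %s: live port %s, fake port %s\n",
                    $1, $2, $3, live[$1 "/" $2 "/" $3], $4
         }' "$2" "$1"
}

# Demo on the constructed samples above.
tmp=$(mktemp -d)
sample_rpc | gen_fakerpc 32771 > "$tmp/fakerpc"
sample_dump > "$tmp/live"
list_conflicts "$tmp/fakerpc" "$tmp/live"
rm -rf "$tmp"
```

On a real host the second file would be the output of pmap_dump saved before pmap_set is run; every line the check prints is a registration the fake list would overwrite.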
