Info BackTrack

Linux & Security Tutorial

Honeypot PentBox di Backtrack 5 R3


Ada beberapa definisi honeypot yang disampaikan oleh beberapa peneliti honeypot pada makalah sistem kemanan yang mereka buat maupun dari halaman web.

Menurut Lance Spitzner, seorang arsitek sistem keamanan Sun Microsystems, ”A honeypot is security resource whose value lies in being probed, attacked, or compromised.” , honeypot baru dikatakan suatu sistem keamanan jika honeypot tersebut disusupi, diserang, atau dikendalikan oleh penyerang.

Menurut Reto Baumann melalui tugas akhir diplomanya, ” A honeypot is a resource which pretends to be a real target. A honeypot is expected to be attacked or compromised. The main goals are the distraction of an attacker and the gain of information about an attack and the attacker.

Untuk refrensi lanjutnya bisa di baca disini –> http://aldimazz.wordpress.com/2011/12/24/jaringan-honeypot/

Oke langsung aja kita praktekan cara mengaplikasikan honeypot diBackTrack secara lhost vbox (linux lain juga bisa,dengan syarat support *ruby).

Pada artikel ini kita menggunakan Honeypotnya PentBox. Pada artikel sebelumnya saya sudah jelaskan sedikit tentang PentBox.

—Step 1 PentBox Network tools


Pilih / ketik Opsi 2

—2 PentBox Network tools Honeypot


Pilih / ketik Opsi 3

—3 // Honeypot // + Config.Mode.Manual


// Honeypot //

You must run PenTBox with root privileges.

 Select option.

1- Fast Auto Configuration
2- Manual Configuration [Advanced Users, more options]

   -> 2

 Insert port to Open.

   -> 23

 Insert false message to show.

   -> Wellcome ftp mode infobacktrack.com. Port 23 is open. Hancurkan bang ^^

 Save a log with intrusions?

 (y/n)   -> y

 Log file name? (incremental)

Default: */pentbox/other/log_honeypot.txt

   -> /root/Senjata/pentbox-1.5/log_honeypot.txt

 Activate beep() sound when intrusion?

 (y/n)   -> y

  HONEYPOT ACTIVATED ON PORT 23 (2012-10-13 22:09:20 +0700)

Nb: Jangan close dulu terminal honeypot

—4 Test Fungsi Honeypot

Disini kita ‘ifconfig’ dulu diterminal, biar ip vbox terlihat.  Setelah itu kita nmap -Pn untuk melihat open port si honeypot yang aktif

running telnet


lindo@laptop:~# nmap -Pn 192.168.56.1

Starting Nmap 5.51 ( http://nmap.org ) at 2012-10-13 22:09 WIT
Nmap scan report for 192.168.56.1
Host is up (0.000011s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
111/tcp open  rpcbind

—5 Monitoring Aktivitas jebakan port honeypot.

—done.

Sumber: http://aldimazz.wordpress.com/2011/12/24/jaringan-honeypot/

Artikel Terkait:

One response to “Honeypot PentBox di Backtrack 5 R3

  1. hakin9 premuim downloads January 11, 2014 at 8:52 pm

    Hey Grab hakin9’s premium magazines for free. Just fill in the option,
    and recieve the penetration testing magazine from hakin9 absolutley
    free! Amazing Backtrack tutorials.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: