一次入侵秀的详细分析(国外英文资料).doc

一次入侵秀的详细分析 A detailed analysis of an invasion show Information: Sinbad Technical Publications Page 1 Cause 1. This article focuses on my Linux Honeypot, which is a network of honeybees that lure worms and each The visitors came. To make honeypot more attractive, you need to do something about it. The most There is this discussion in the near mailing list, and one guy says that his friend was published in a hacker IRC Honeypots IP address, which resulted in the discovery of a honeypot system in the wake of the invasion of Romania The action is all documented, and then angry, and the distributed denial of service is the result of this The network was paralyzed for a month. So be skilled in seducing intruders. Last month I had a chat with a friend of mine: Set up a common user account, password and username, log in on the console and keep him Stay in place and confirm that the system is open to finger service. The more nostalgic intruders are still in love with finger In the case of a single clock, try to finger a bunch of user names, then simply guess the password into the system and expect to be able to Draw the line with the awesome Script Kids. I didnt expect my friend to have a very good memory. After a month, I didnt send an invitation The road found honeypot and logged in with the normal account. Knowing this is a honeypot system, all the actions are monitored and recorded, and the local root, Do you want to have a back door, a chicken attack on other machines, and not just on the stage? this Thats where the word came from. Lets take a look at the show, which is based primarily on the system collected by the log server Logging, historical commands, and the sessions that Snort records. Of course, save space and privacy Private parts have been cut. The hope is that the reader will learn from his own perspective. 2. Scan One Saturday afternoon, the Snort alarm prompted the SuperScan scan from 202. X.X.X to send An ICMP Echo packet test system is alive: [1:47] the