| Honeyd is a daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services.Their personality can be configured so that the virtual hosts appeares to be running certain versions of operating systems.To enhance the simulation ability of Honeyd, old way is using the plug-in interface provided by Honeyd, writing script procedures to emulate network services, But because differences operating systems have different fingerprints, the script writing is comparatively complicated. This thesis used the idea presented by Apel Thomas from the RWTH Aachen University , that is generating fingerprints of network servers and their use in honeypots, adopted a new method to extend Honeyd ,by which we can no longer simulate services with script proceduresr,obtaines the fingerprint information of servers forwardly, then Honeyd reades these messages and returnes to the attackers. This way improves the aptitude of Honeyd, it is a new way of extension.After testing, with the personality database parsing, the emulator generated by this system can deceive some popular fingerprinting tools, and Honeyd is able to record the attack information of simulated services in the log files. |
PDF Full Text Request