Os secure pipes
1/4/2023

Chapter 8 - Other Windows-Based Honeypots

SPECTER, by Network Security (), is an $899 GUI honeypot with a bunch of unique features. If you believe that a good offense is a good defense, then SPECTER may be for you. Contact to obtain an evaluation copy of SPECTER.

SPECTER runs as an application-level honeypot on Windows 2000 Service Pack 2 or Windows XP Service Pack 1 and automatically checks online for weekly program updates. It emulates 14 different OSs, including Windows 98, Windows NT, Windows 2000, Windows XP, MacOS, and a host of Unix flavors. It also offers 14 different TCP services: SMTP, FTP, telnet, finger, POP3, IMAP4, HTTP, SSH, DNS, SUN-RPC, a single customizable port, plus a few trojans (NetBus, Back Orifice 2000, and SubSeven). As shown in Table 8-1, SPECTER classifies seven of these as traps and seven as emulated services.

Traps are simply ports that listen for and record probes, and terminate any connection attempts. The Generic trap is any TCP port you choose, but it can be only one, which is a bit limiting.

The services will attempt to emulate services that would be present on the OS you choose. For instance, if you choose the Windows OS, it will emulate IIS, FTP, Exchange Server, and so on. The seven services can be customized slightly by adding your own content, banner screens, and user accounts. Some of the emulated services, like telnet, offer the remote hacker a login attempt (although the hacker never gets to log in). Others, like HTTP and POP3, allow more interaction, including logging in and getting content. On the downside, SPECTER cannot emulate anything besides these 14 TCP ports, and it doesn’t listen on UDP ports or ICMP.

SPECTER has many unique features, including markers, custom content, fake password files, and trace-back intelligence. SPECTER’s most interesting feature is its ability to mark the remote hacker. SPECTER can dynamically generate more than 100 different executable programs and can leave up to 32 markers on a hacker’s system. Theoretically, these markers might be used by law-enforcement agencies to prosecute hackers (although I don’t think they have been used this way yet).

SPECTER is at the top of its class in the area of built-in content. It contains documents, e-mail messages, web pages, and even fake user accounts and passwords. It also is the only honeypot I know to dynamically generate fake content. And when it does its weekly program update, it can change its content, vulnerabilities, and markers. It can generate fake Windows password files with varying levels of difficulty for hackers to download.

SPECTER’s automatic intelligence options include finger, traceroute, port scanning, whois, DNS lookups, and even banner grabbing. This allows, at the administrator’s option, for the remote hackers to be probed and fingerprinted while they are doing the same. This feature should be used with caution, as the aggressive response might alert the attacker.

Installing SPECTER is as simple as running the Setup.exe file. Once installed, SPECTER’s very busy Control screen comes up, as shown in Figure 8-3. SPECTER’s GUI doesn’t follow the normal conventions of placing the less important features and branching selections under higher-level menus, so you see a lot of details on this one screen. But if you are looking for a honeypot with all its configuration settings in one place, this is the GUI for you.

Figure 8-3: SPECTER’s main Control screen

SPECTER has limited context-sensitive help text that you can access by clicking the ? button beside each option. Enabling or disabling many settings, such as OSs, port listeners, and characters, is as easy as a mouse click.

There are six different characters available for each emulated OS:

Random: The system randomly rotates through the next three character states.
Open: The system behaves like a poorly secured OS.
Failing: The system behaves like a machine with various hardware and software problems.
Secure: The system behaves like a well-configured OS.