combine wordpot and p0f


Diyanatul Husna

Mar 12, 2015, 11:57:38 PM
to modern-hon...@googlegroups.com
Hello crew,

I have to say I'm very excited to get some good intel out of this cool project.

I'm having some problems with deploying sensors. I followed the instructions from GitHub and from this website: https://itandsecuritystuffs.wordpress.com/2015/02/03/honeypot-networks/

I have installed wordpot and p0f, and I want to combine them, but when I use WPScan, a connection to the webpage does not set an alarm for p0f, but it will set an alarm for wordpot. I use the p0f sensor because I want to identify the type of operating system a host is running and other information.

Note: I am using the MHN server for my thesis topic.

Best Regards
Diyanatul Husna
Computer Engineering
University of Indonesia

Jason Trost

Mar 13, 2015, 7:46:46 AM
to Diyanatul Husna, modern-hon...@googlegroups.com
Hey Diyanatul,

Could you provide some more detail re p0f not working? Can you follow
this guide and if you can't figure it out, please provide us with the
commands' outputs mentioned here as well as your logs in
/var/log/p0f.*.

https://github.com/threatstream/mhn/wiki/MHN-Troubleshooting-Guide#troubleshooting-the-honeypot-side

--Jason



--
Jason Trost | Director of ThreatStream Labs | www.threatstream.com
2317 Broadway, 3rd Floor| Redwood City, CA 94063
Phone: 386.235.0078 | Twitter: @jason_trost

Diyanatul Husna

Mar 13, 2015, 8:12:12 PM
to modern-hon...@googlegroups.com, diyanat...@gmail.com

p0f status is starting
and this is the output of /var/log/p0f.out

I use WPScan (ruby wpscan.rb --url 192.168.1.101:70); a connection to the webpage does not set an alarm for p0f, but it will set an alarm for wordpot (I set wordpot port = 70).

--diyana

Jason Trost

Mar 17, 2015, 8:29:18 AM
to Diyanatul Husna, modern-hon...@googlegroups.com
It looks like the p0f wrapper script that starts p0f is not creating a good BPF. Is eth0 the internet facing interface on this honeypot?

Edit this file: /opt/p0f/p0f_wrapper.sh

At the top, find this line:
INTERFACE=eth0

And change eth0 to whatever interface is the internet facing interface on this box. Then restart p0f like this:

supervisorctl restart p0f
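
An added example, not part of the original thread or the MHN project's code: a shell check that compares the `INTERFACE=` value in the p0f wrapper with the interface that carries the default route. It assumes the internet-facing interface is the default-route one; the function names and the sample route text are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the internet-facing
# interface is the one that carries the default route.

# Print the value of the first INTERFACE= line in the wrapper script $1.
wrapper_interface() {
    grep -m1 -E '^[[:space:]]*INTERFACE=' "$1" | cut -d= -f2 |
        sed 's/#.*//' | tr -d "\"' \t\r"
}

# Read `ip route show default` text on stdin, print the name after "dev".
default_route_interface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_p0f_interface WRAPPER ROUTE_TEXT
# Returns 0 on match, 1 on mismatch, 2 if either value cannot be determined.
check_p0f_interface() {
    cfg_if=$(wrapper_interface "$1")
    route_if=$(printf '%s\n' "$2" | default_route_interface)
    if [ -z "$cfg_if" ] || [ -z "$route_if" ]; then
        echo "UNKNOWN: wrapper='$cfg_if' default-route='$route_if'"
        return 2
    fi
    if [ "$cfg_if" = "$route_if" ]; then
        echo "OK: p0f is sniffing $cfg_if, which carries the default route"
        return 0
    fi
    echo "MISMATCH: wrapper has INTERFACE=$cfg_if, default route uses $route_if"
    return 1
}

# Demo on constructed input: a wrapper still set to eth0 on a host whose
# default route goes out via wlan0 (both values are made up for illustration).
demo() {
    demo_file=$(mktemp)
    printf '#!/bin/bash\nINTERFACE=eth0\n' > "$demo_file"
    check_p0f_interface "$demo_file" "default via 192.168.1.1 dev wlan0 proto dhcp"
    demo_rc=$?
    rm -f "$demo_file"
    return "$demo_rc"
}
demo || true

# On a real sensor:
#   check_p0f_interface /opt/p0f/p0f_wrapper.sh "$(ip route show default)"
```

On a multi-homed sensor the default-route interface may not be the one the honeypot traffic arrives on, so treat a mismatch as a prompt to check rather than a verdict.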




