SSH Honeypot

Yet another note, 3 weeks before the competency exam (project work), at 10:56 PM by my computer's clock. I added an SSH honeypot feature using Kippo on a Debian server, as part of my final assignment (project work) titled Network Security.

Before that, a brief explanation of honeypots: "In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, which are then blocked. This is similar to the police baiting a criminal and then conducting undercover surveillance, and finally punishing the criminal." (Wikipedia)

Example result of the SSH honeypot setup on my server (Debian) using Kippo

Installing and Configuring Kippo

First, install Python Twisted.

apt-get install python-twisted

Second, change the port of the real SSH daemon (any port you like); for example, I changed it to port 69.

nano /etc/ssh/sshd_config

Search for Port (in nano, press Ctrl+W) and change the port number.

[...]
Port 69
[...]

Restart the SSH service.

Third, add a new user (any name you like), for example uwa.

adduser uwa

Log out, then log back in as user uwa.
Then download Kippo.

$ wget http://kippo.googlecode.com/files/kippo-0.8.tar.gz

Extract it with the command

$ tar xzf kippo-0.8.tar.gz

Go into the kippo folder and look at its contents… you will find:

data  dl  doc  fs.pickle  honeyfs  kippo  kippo.cfg  kippo.tac    log  start.sh  txtcmds    utils

Oh, and add an iptables rule to redirect port 22 to 2222 (Kippo's default port).

# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222

Finally, start the Kippo service with the command below (from inside the kippo folder). Do not run it as root; use uwa (the example user) or any other user you like.

$ ./start.sh

For the logs, look in the log folder.
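A way to verify the three conditions this setup depends on (real sshd moved off port 22, port 22 redirected to 2222, Kippo not running as root). This is an added example, not part of the original post or of Kippo; the function names, the sample data and the assumption that the Kippo process command line mentions kippo.tac are all illustrative.

```shell
#!/bin/sh
# Added example: offline checks for the honeypot setup described above.
# Each check reads text on stdin so it can run on live output or on samples.

# Ports the real sshd listens on (sshd_config text); sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# Pass only if the real sshd is off 22 (the bait) and 2222 (Kippo itself).
sshd_moved() {
    ! sshd_ports | grep -Eqx '22|2222'
}

# Pass if `iptables -t nat -S PREROUTING` output redirects TCP 22 to 2222.
# iptables prints the rule back with --to-ports, so accept both spellings.
has_redirect() {
    grep -E -- '-p tcp .*--dport 22 ' |
        grep -Eq -- '-j REDIRECT --to-ports? 2222( |$)'
}

# Pass if a process mentioning kippo.tac exists and none of them is root.
# Input: `ps -eo user=,args=`. Matching on kippo.tac is an assumption.
kippo_unprivileged() {
    awk '/kippo\.tac/ { n++; if ($1 == "root") bad++ }
         END { exit !(n && !bad) }'
}

report() {  # report <label> <check>: print OK/FAIL for the check fed by stdin
    if "$2"; then echo "OK   $1"; else echo "FAIL $1"; fi
}

# Constructed samples (not captured from a real host).
SSHD_CFG='#Port 22
Port 69'
NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 2222'
PS_OUT='root /usr/sbin/sshd -D
uwa  python /usr/bin/twistd -y kippo.tac'

printf '%s\n' "$SSHD_CFG"  | report 'real sshd moved off 22/2222' sshd_moved
printf '%s\n' "$NAT_RULES" | report 'port 22 redirected to 2222' has_redirect
printf '%s\n' "$PS_OUT"    | report 'kippo running as non-root' kippo_unprivileged
```

On a live host, pipe in `cat /etc/ssh/sshd_config`, `iptables -t nat -S PREROUTING` (as root) and `ps -eo user=,args=` instead of the samples. A rule added with `iptables -A` is not saved across reboots, so rerun the redirect check after a restart.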
