---------- Forwarded message ----------
Date: Thu, 14 Mar 2002 11:25:18 -0600
From: Rob Wagner <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [dtk] (unknown)
I am having some problems setting up DTK. I have a server that runs a
website and gets scanned on ftp regularly. I want to set up DTK on ports
other than http. Since Redhat 7.2 uses xinetd, I have set up the following
in the /etc/xinetd.d/ directory:
--------------------------------/etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /dtk/Telnet.pl
log_on_failure += USERID
disable = no
}
------------------------------------end telnet
------------------------------------/etc/xinetd.d/ftp
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service ftp
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /dtk/Generic.pl
log_on_failure += USERID
disable = no
}
-----------------------------------------end ftp
I have also added to /etc/hosts.allow:
----------------------------------------/etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
in.telnetd: all: twist /dtk/telnetd -L /dtk/Telnet.pl %a 80 %u %d testing
# thttpd: all: twist /dtk/Generic.pl %a 80 %u %d testing
in.pop3d: all: twist /dtk/Generic.pl %a 110 %u %d unknown
in.wrapd: all: twist /dtk/Generic.pl %a 421 %u %d unknown
in.ftpd: all: twist /dtk/Generic.pl %a 21 %u %d unknown
att111: all: twist /dtk/Generic.pl %a 111 %u %d unknown
att10752: all: twist /dtk/Generic.pl %a 10752 %u %d unknown
# all: all: twist /dtk/coredump
-----------------------------------------------end hosts.allow
I have added this to /etc/services
---------------------------------------------from the last lines of /etc/services
dtk 365/tcp # Deception toolkit port
dtk 365/udp # Deception toolkit port
wrapd 421/tcp # TCP wrappers attack deception daemon
att111 111/tcp # attack port
att10752 10752/tcp # attack port
------------------------------------------end services
When connecting to the telnet port I get:
-----------------------------------------telnet to myhost.com
Welcome to myhost.com:
This computer is for Authorized Use Only. All actions and data
entering, leaving, stored, and processed on or through this system is
subject to monitoring, search, and use in any legal manner by the
owners. You have no implicit or explicit expectation of privacy in the
use of this system.
If you DO NOT agree to these terms and conditions terminate your
connection immediately. If you DO agree to these terms and conditions,
press <enter> to proceed:
Linux myhost.com login:Password:
myhost.com login:Password:
myhost.com login:
----------------------------------------end telnet session
If I press enter when asked, I get kicked off (I have to wait a few
seconds). No matter what is entered, it just keeps asking for
login:Password: and repeating.
When I connect to the ftp port, it just hangs and doesn't do anything. I
get a message in the secure log:
Mar 13 11:41:51 xserver02 xinetd[1978]: START: ftp pid=6272 from=<my ip>
I configured this using mainly the defaults
----------------
my /home/dtk.config file reads:
-----------------------------------------/home/dtk.config
Last_WORKING_DIR="/dtk"
Last_WHICH_PERL="/usr/bin/perl"
Last_WHICH_PERL_LIB="/usr/lib/perl5"
Last_HOST_NAME="myserver.mydomain.com"
Last_NEW_OS="Linux"
Last_FAKE_OS="Linux"
Last_LOG_COMPRESSED="2"
Last_MAX_LENGTH="256"
Last_TIME_OUT="120"
Last_MAX_LOOP="120"
Last_EMAIL_TO="[EMAIL PROTECTED]"
Last_Password="/password/"
Last_TBPKEY="fhuiasdhiasnxkjsadhsad"
-------------------------------------------------------end dtk.config
I haven't received any emails about activity, so currently this isn't
providing any kind of useful recon for me. Does anyone know what I am
missing or doing wrong?
Thanks in advance for your assistance! - RW
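Added example (not part of the post above, and not DTK's own code): a small
Python cross-check of the kind of setup described in the message. It reads
the hosts.allow twist rules, the /etc/services names and the list of
services that actually have an /etc/xinetd.d file, and reports rules whose
daemon has no service entry, whose port argument (the number after %a)
differs from the service's real port, and whose service has no xinetd
listener so the rule can never be reached. The sample hosts.allow and
/etc/services text is copied from the post, with standard entries for
telnet, ftp and pop3 added (constructed, since the post only quotes the last
lines of /etc/services). The daemon-name-to-service mapping in
service_for_daemon is a heuristic of my own, and the function names are
mine; the check assumes xinetd is the only thing listening on these ports.

```python
"""Cross-check a tcp_wrappers/xinetd deception setup.

Inputs: /etc/hosts.allow twist rules, /etc/services names and the set of
xinetd services that exist.  Added example; not DTK code."""
import re

# Copied from the post (hosts.allow section).
HOSTS_ALLOW = """\
in.telnetd: all: twist /dtk/telnetd -L /dtk/Telnet.pl %a 80 %u %d testing
# thttpd: all: twist /dtk/Generic.pl %a 80 %u %d testing
in.pop3d: all: twist /dtk/Generic.pl %a 110 %u %d unknown
in.wrapd: all: twist /dtk/Generic.pl %a 421 %u %d unknown
in.ftpd: all: twist /dtk/Generic.pl %a 21 %u %d unknown
att111: all: twist /dtk/Generic.pl %a 111 %u %d unknown
att10752: all: twist /dtk/Generic.pl %a 10752 %u %d unknown
"""

# First three lines are standard entries (constructed); the rest is from the post.
SERVICES = """\
ftp             21/tcp
telnet          23/tcp
pop3            110/tcp
dtk             365/tcp   # Deception toolkit port
dtk             365/udp   # Deception toolkit port
wrapd           421/tcp   # TCP wrappers attack deception daemon
att111          111/tcp   # attack port
att10752        10752/tcp # attack port
"""

# Names for which an /etc/xinetd.d/<name> file exists, per the post.
XINETD_SERVICES = {"telnet", "ftp"}


def parse_services(text):
    """Return {name: port} for the tcp entries of an /etc/services file."""
    ports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"(\S+)\s+(\d+)/tcp", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports


def parse_twist_rules(text):
    """Return [(daemon, client_list, argv)] for active 'twist' rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) == 3 and parts[2].startswith("twist "):
            rules.append((parts[0], parts[1], parts[2].split()[1:]))
    return rules


def service_for_daemon(daemon, ports):
    """Map a daemon name to an /etc/services name (heuristic, an assumption):
    strip a leading 'in.', then try the name as-is and without a trailing 'd',
    so in.ftpd -> ftp, in.wrapd -> wrapd, att111 -> att111."""
    base = daemon[3:] if daemon.startswith("in.") else daemon
    for cand in (base, base[:-1] if base.endswith("d") else None):
        if cand and cand in ports:
            return cand
    return None


def check_setup(hosts_allow, services, xinetd_services):
    """Return a list of human-readable findings; empty means consistent."""
    ports = parse_services(services)
    findings = []
    for daemon, _clients, argv in parse_twist_rules(hosts_allow):
        svc = service_for_daemon(daemon, ports)
        if svc is None:
            findings.append(f"{daemon}: no matching /etc/services entry")
            continue
        # The token after %a is the port the deception script is told it
        # serves; it should be the port the daemon is really bound to.
        if "%a" in argv and argv.index("%a") + 1 < len(argv):
            told = argv[argv.index("%a") + 1]
            if told.isdigit() and int(told) != ports[svc]:
                findings.append(
                    f"{daemon}: script told port {told} but {svc} is {ports[svc]}/tcp")
        if svc not in xinetd_services:
            findings.append(
                f"{daemon}: no xinetd service '{svc}', so this rule is never reached")
    return findings


if __name__ == "__main__":
    for f in check_setup(HOSTS_ALLOW, SERVICES, XINETD_SERVICES):
        print(f)
```

Run against the post's data it flags the in.telnetd rule (the script is passed
80 while telnet is 23/tcp) and the pop3, wrapd, att111 and att10752 rules,
which have no xinetd entry to spawn anything; the ftp rule is the only one
with no finding, so a hang there is something the check above cannot see
(what the scripts expect on their command line is a question for the DTK
documentation).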