基于Honeyd的蜜罐系统的设计与实现-通信与信息系统专业论文.docxVIP

机操作系统。然而，由于扫描器技术的快速发展，而目前的 Honeyd 仍 然使用上一代 Nmap 的指纹库，从而新版本的 Nmap 无法检测出 Honeyd 虚拟主机的操作系统，使得 Honeyd 的功能失效。因此，本文在现有 Honeyd 蜜罐的基础上，进行指纹库的升级，使之可以适应新版本的 Nmap。 2. Honeyd 蜜罐的识别技术使得蜜罐系统失效。蜜罐系统是一种基于 虚拟系统和协议的技术，它和真实系统总存在着无法避免的区别。因此， 妄图攻击的黑客们利用这种区别来识别出蜜罐系统，使得蜜罐系统失去 功效。目前，已经有许多针对蜜罐的识别技术出现。本文选择其中针对 Honeyd 的识别技术做简要介绍，并给出相应的反识别的方案。 本文介绍了蜜罐系统的基本原理，着重介绍了 Honeyd 蜜罐，设计和 实现了基于 Honeyd 的蜜罐系统，并针对 Honeyd 蜜罐的上述问题进行改 善。本文所实现的系统参加了 2010 世博会的安全保障工作。本文在最 后部分介绍了世博运维的部分实际数据。 关键词： 蜜罐系统，Honeyd，指纹库，Nmap，蜜罐识别 REASEARCH AND DEVELOPMENT OF AN HONEYPOT SYSTEM BASED ON HONEYD ABSTRACT As the major threat to Internet shifting from widespread undifferentiated worms and e-mail virus to the individulized profit-oriented hacker attacks, traditional protective techniques such as data authentication, fire walls, data encryption and authentication seem to be lagging behind in terms of protective method. Honeypot system is a type of technology which actively defends the Internet by forging targets and enticing attacks. This paper will conduct its research on Honeypot system through the development of an actual honetpot. For practical reasons, this paper chooses Honeyd a product-type Honeypot as the core of the designing and realization of the Honeypot system. Honeyd has many good properties. It is small and compact, easy to install, has powerful functions and strong practicability and thus possess the prospect of being industrialized. However, along with the technological development, there also comes several inevitable problems. During the process of research and development, the author of this paper found there are two major problems. Firstly, the current OS fingerprint database of Honeyd is out of date. Targeting the operating system of host servers a prelude and necessary step to hacker attacks, and is decisive to their follow-up activity. Hackers usually target the host by using fingerprint technology in operating system. Therefore, forging a virtual host fingerprint is a function of great importance to