KFSensor

 

Edit Sim Std Server - MySql

Use the Edit Sim Std Server - MySql dialog box to add or edit a MySql definition.

A description of what Sim Std Servers are can be found here.

This Sim Std Server emulates a MySql database system.
The emulation allows the visitor to log on to the simulated database and examine database schemas and tables.

The decoded packets provide a number of interesting fields that can reveal a lot of information about an attacker.
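The page does not list which fields KFSensor decodes. As an added illustration (not KFSensor code), the following decodes the standard MySQL client login packet (HandshakeResponse41) to show the kind of fields a decoded log entry can carry; the function names and the sample packet are constructed for this example.

```python
import struct

# Capability flags defined by the MySQL client/server protocol.
CLIENT_CONNECT_WITH_DB = 0x00000008
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000
CLIENT_PLUGIN_AUTH_LENENC = 0x00200000

def _cstr(buf, pos):
    """Read a NUL-terminated string; return (text, next position)."""
    end = buf.index(b"\x00", pos)  # ValueError if the terminator is missing
    return buf[pos:end].decode("utf-8", "replace"), end + 1

def decode_login(packet):
    """Decode a HandshakeResponse41 packet (untrusted input) into a dict."""
    length, seq = int.from_bytes(packet[:3], "little"), packet[3:4]
    body = packet[4:4 + length]
    if not seq or len(body) != length or length < 33:
        raise ValueError("truncated packet")
    caps, max_packet, charset = struct.unpack_from("<IIB", body, 0)
    if not caps & CLIENT_PROTOCOL_41:
        raise ValueError("pre-4.1 login format not handled")
    out = {"seq": seq[0], "caps": hex(caps), "max_packet": max_packet,
           "charset": charset}
    out["user"], pos = _cstr(body, 32)  # 9 header bytes + 23 filler bytes
    if caps & (CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH_LENENC):
        n = body[pos] if pos < length else 251
        if n >= 251:  # multi-byte length prefixes are out of scope here
            raise ValueError("auth data missing or too long")
        auth, pos = body[pos + 1:pos + 1 + n], pos + 1 + n
        if len(auth) != n:
            raise ValueError("auth data overruns packet")
    else:
        end = body.index(b"\x00", pos)
        auth, pos = body[pos:end], end + 1
    out["auth_response"] = auth.hex()  # hex-encoded for logging
    if caps & CLIENT_CONNECT_WITH_DB:
        out["database"], pos = _cstr(body, pos)
    if caps & CLIENT_PLUGIN_AUTH:
        out["plugin"], pos = _cstr(body, pos)
    return out

# Constructed sample: a client logging in as "root" to schema "mysql".
_caps = 0x00088208  # PROTOCOL_41 | SECURE_CONNECTION | CONNECT_WITH_DB | PLUGIN_AUTH
_body = (struct.pack("<IIB", _caps, 1 << 24, 33) + bytes(23) + b"root\x00"
         + bytes([20]) + bytes(range(20)) + b"mysql\x00"
         + b"mysql_native_password\x00")
SAMPLE = len(_body).to_bytes(3, "little") + b"\x01" + _body
```

Calling `decode_login(SAMPLE)` returns the user name, requested schema, character set, capability flags and authentication plugin, which together help fingerprint the client tool behind a connection.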

Title

  • Name
    Each Sim Std Server requires a unique name, which is used to identify it.
  • Description
    A piece of text for notes on what the Sim Std Server aims to support.
  • Default Port
    Most services have standard ports on which visitors expect to find them.
    The default port is TCP 1433.
    This is only used as a prompt during configuration of a Listen; a Sim Std Server can be set on any port, or on many different ports.
  • Severity
    The severity level that events generated by this Sim Std Server will be given. This can be overridden as part of the Listen configuration.

Options

These settings control how the data is logged.
  • Require Authorization
    If this option is checked, the visitor will receive a logon error message if they attempt to log on to the database; their credentials will always be rejected.
    If unchecked, the visitor will be allowed to log on, whatever password they enter.
  • Log decoded packet
    If checked then each packet will be decoded and logged in a human readable format.
  • Log raw packet
    If checked then the raw binary data of the packet will be logged. If both this option and the one above are checked then each packet will be logged first in decoded format and then as a binary value.
  • Response Delay
    This option slows down a connection by adding a delay, in milliseconds, before each response is sent.
    This feature provides a good way of slowing down an attack and preventing the honeypot from being overloaded.
    Note: Unlike the other time settings this one is in milliseconds, not seconds.
