KFSensor

Edit Sim Std Server - Relay

Use the Edit Sim Std Server - Relay dialog box to add or edit a Relay definition.

You will find a description of what Sim Std Servers are here.

A Relay server is used to allow visitors to access a service running on another machine.
When a visitor opens a connection to this sim server, a second client connection is opened to another service. All data received from the visitor is logged, then passed directly to the second connection. All data received from the second connection is also logged and passed to the visitor.

The Relay Sim Server is potentially the most risky part of KFSensor. Use it with care.
It exposes the server it relays to directly to attack and could be used to punch a hole in a firewall.

There are several reasons why you may want to use a Relay Sim Server.

  1. It is an excellent means of research. You can see exactly how a hacker attacks a real service and how it responds.
  2. There may be services which you want in your honeypot for which no suitable sim server exists in KFSensor.

Title

  • Name
    Each Sim Std Server requires a unique name, which is used to identify it.
  • Description
    A piece of text for notes on what the Sim Std Server aims to support.
  • Default Port
    Most services have standard ports on which visitors expect to find them.
    The default port for Relay is 80, but you should set this to the default port of the server you are relaying to.
    This is only used as a prompt during configuration of a Listen; a Sim Std Server can be set on any or many different ports.
  • Severity
    The severity level that events generated by this Sim Std Server will be given. This can be overridden as part of the Listen configuration.

Options

These settings control how this Sim Std Server responds to a visitor.
  • Time out
    The time in seconds that the KFSensor server allows the session to continue for before closing the connection.
  • Log style
    • Standard
      This option puts all the received data in an event's Received field and all the response data in the Response field.
    • Mixed
      This option puts a limited amount of the received data in an event's Received field and puts both the received data and the response data in the Response field.
  • Receive limit
    The maximum number of bytes that will be accepted from the visitor before the connection is closed.
  • Log response lines
    If set to a value greater than zero then a response will be truncated to the specified number of lines when it is recorded in the log.
  • Log response size
    If set to a value greater than zero then a response will be truncated to the specified number of bytes when it is recorded in the log.
  • Log receive size
    If set to a value greater than zero then the received data will be truncated to the specified number of bytes when it is recorded in the log.

Relay to

These settings control where this Sim Std Server will open a relay connection.
  • Server
    The domain name or IP address of the server on which to open the relay connection.
    This could be the same machine as KFSensor is running on (e.g. 127.0.0.1) and can even be used to connect to another sim server of KFSensor.
  • Port
    The port number on the server on which to open the relay connection.
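
The relay behaviour and the Time out, Receive limit and log size options described on this page, sketched as an added Python example. This is not KFSensor's code; the function names, parameter names and event layout are assumptions, only the Standard log style is implemented, and the listener binds to loopback.

```python
import asyncio

def clip(data, limit):
    """Truncate data for the log only when limit is greater than zero."""
    return bytes(data[:limit] if limit > 0 else data)

async def relay_session(visitor_r, visitor_w, server, port, events, *,
                        timeout=30, receive_limit=4096,
                        log_receive_size=0, log_response_size=0):
    """Relay one visitor to server:port and append one log event.

    Parameter names are assumptions modelled on the dialog's fields.
    """
    received, response = bytearray(), bytearray()
    target_r, target_w = await asyncio.open_connection(server, port)

    async def visitor_to_target():
        while chunk := await visitor_r.read(4096):
            received.extend(chunk)              # log first, then pass on
            if len(received) > receive_limit:   # "Receive limit" exceeded:
                return                          # stop without forwarding
            target_w.write(chunk)
            await target_w.drain()

    async def target_to_visitor():
        while chunk := await target_r.read(4096):
            response.extend(chunk)
            visitor_w.write(chunk)
            await visitor_w.drain()

    tasks = [asyncio.ensure_future(visitor_to_target()),
             asyncio.ensure_future(target_to_visitor())]
    try:
        # The session ends when either side closes, the limit is hit,
        # or the "Time out" period elapses, whichever comes first.
        await asyncio.wait(tasks, timeout=timeout,
                           return_when=asyncio.FIRST_COMPLETED)
    finally:
        for task in tasks:
            task.cancel()
        visitor_w.close()
        target_w.close()
        # "Standard" log style: one field per direction.
        events.append({"received": clip(received, log_receive_size),
                       "response": clip(response, log_response_size)})

async def serve_relay(listen_port, server, port, events, **options):
    """Listen on loopback only and relay every visitor to one fixed target."""
    return await asyncio.start_server(
        lambda r, w: relay_session(r, w, server, port, events, **options),
        "127.0.0.1", listen_port)
```

Because the relay target is fixed when the listener is created, a visitor can never choose where the second connection goes; the receive limit and timeout bound how much of the real service each session can reach.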
