KFSensor

 

Edit Sim Std Server - SOCKS

Use the Edit Sim Std Server - SOCKS dialog box to add or edit a SOCKS definition.

For more information on this sim server and how to configure it see the KFSensor Proxy Server emulation section in the KFSensor Administration Guide.

This Sim Std Server emulates a SOCKS proxy server.

SOCKS is a generic proxy server for TCP and UDP based networking.
SOCKS enables clients to connect to application servers that they do not have direct access to.

A well-configured SOCKS server can form a valuable part of an organization's security infrastructure.
However, an incorrectly configured SOCKS server is a favorite tool for hackers and spammers, as it masks the client's address from the target application server.

This Sim Std Server correctly implements a subset of all three SOCKS protocols: 4, 4A and 5.

Socks Authentication

KFSensor supports the "No authentication required" and "User/Password" forms of authentication.
The choice of authentication method is the server's decision, and since the point of this sim server is to emulate an open proxy server, this is all that is required.

Socks Requests

  1. CONNECT - This request sets up a client connection to a remote server and forms the vast majority of SOCKS requests. The response to this type of request is controlled by the Proxy emulation option.
  2. BIND - This request sets up a reverse connection, allowing a target machine to open a connection to the client. This is used in the data pipe for an FTP transaction. The Sim Server always refuses to allow this request.
  3. UDP Associate - This allows the relaying of UDP traffic. The Sim Server always refuses to allow this request.
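
The following Python sketch is an added example, not KFSensor code. It decodes a SOCKS 4, 4A or 5 request packet into readable fields and flags the two request types that this Sim Server always refuses. The function and field names are assumptions, the sample packets are constructed, and the SOCKS5 layout follows RFC 1928.

```python
import ipaddress
import struct

COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}
REFUSED = {"BIND", "UDP ASSOCIATE"}  # per the text: the Sim Server always refuses these

def decode_socks_request(pkt: bytes) -> dict:
    """Decode one SOCKS 4, 4A or 5 request into a dict suitable for a log line."""
    if len(pkt) < 2:
        raise ValueError("truncated SOCKS request")
    ver, cmd, user = pkt[0], pkt[1], None
    if ver == 4:
        if len(pkt) < 9:
            raise ValueError("truncated SOCKS4 request")
        port, ip = struct.unpack("!H", pkt[2:4])[0], pkt[4:8]
        fields = pkt[8:].split(b"\x00")  # USERID NUL [HOSTNAME NUL]
        if len(fields) < 2:
            raise ValueError("USERID is not NUL-terminated")
        user = fields[0].decode("ascii", "replace")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # 0.0.0.x marks SOCKS4A
            if len(fields) < 3:
                raise ValueError("SOCKS4A hostname is not NUL-terminated")
            proto, host = "4A", fields[1].decode("ascii", "replace")
        else:
            proto, host = "4", str(ipaddress.ip_address(ip))
    elif ver == 5:
        if len(pkt) < 5 or pkt[3] not in (1, 3, 4):
            raise ValueError("truncated SOCKS5 request or unknown address type")
        atyp = pkt[3]  # 1 = IPv4, 3 = domain name (length-prefixed), 4 = IPv6
        off, alen = (5, pkt[4]) if atyp == 3 else (4, 4 if atyp == 1 else 16)
        if len(pkt) < off + alen + 2:
            raise ValueError("truncated SOCKS5 address or port")
        raw = pkt[off:off + alen]
        host = raw.decode("ascii", "replace") if atyp == 3 else str(ipaddress.ip_address(raw))
        port = struct.unpack("!H", pkt[off + alen:off + alen + 2])[0]
        proto = "5"
    else:
        raise ValueError(f"not a SOCKS request (version byte {ver})")
    # SOCKS4/4A define only CONNECT and BIND; UDP ASSOCIATE exists in SOCKS5 only.
    name = COMMANDS.get(cmd) if (ver == 5 or cmd in (1, 2)) else None
    return {"protocol": proto, "command": name or f"UNKNOWN({cmd})", "host": host,
            "port": port, "user": user, "always_refused": name in REFUSED}

# Constructed sample packets (not captured traffic).
SAMPLES = [
    b"\x04\x01\x00\x19\xc0\x00\x02\x0a" + b"probe\x00",                   # SOCKS4 CONNECT
    b"\x04\x01\x01\xbb\x00\x00\x00\x01" + b"\x00" + b"mail.example.test\x00",  # SOCKS4A CONNECT
    b"\x05\x02\x00\x01\xc0\x00\x02\x0a\x00\x15",                          # SOCKS5 BIND
    b"\x05\x03\x00\x03\x0cexample.test\x00\x35",                          # SOCKS5 UDP ASSOCIATE
]
```

Calling `decode_socks_request` on each entry of `SAMPLES` yields one dict per packet; the SOCKS5 method-negotiation exchange that precedes a request is not handled here.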

Configuration

Title
  • Name
    Each Sim Std Server requires a unique name, which is used to identify it.
  • Description
    A piece of text for notes on what the Sim Std Server aims to support.
  • Default Port
    Most services have standard ports on which visitors expect to find them.
    The default port is TCP 1433.
    This is only used as a prompt during configuration of a Listen; a Sim Std Server can be set on any or many different ports.
  • Severity
    The severity level that events generated by this Sim Std Server will be given. This can be overridden as part of the Listen configuration.
Logging Options
These settings control how the data is logged.
  • Log decoded packet
    If checked, each packet will be decoded and logged in a human-readable format.
    Only the SOCKS packets will be decoded; data transferred via SOCKS will always be displayed in raw format.
  • Log raw packet
    If checked, the raw binary data of the packet will be logged. If both this option and the one above are checked, each packet will be logged first in decoded format and then as a binary value.
  • Log response size
    If set to a value greater than zero, a response will be truncated to the specified number of bytes when it is recorded in the log.
  • Log receive size
    If set to a value greater than zero, received data will be truncated to the specified number of bytes when it is recorded in the log.
Options
  • Proxy emulation
    These settings control how the server responds to requests.
    See the KFSensor Proxy Server emulation section in the KFSensor Administration Guide for more details.
  • Time out
    The time in seconds that the KFSensor server allows the session to continue for before closing the connection.
  • Idle Time out
    The time in seconds that the KFSensor server will wait for traffic on a connection before closing the connection.
  • Receive limit
    The maximum number of bytes that will be accepted from the visitor before the connection is closed.
  • Response Delay
    This option slows down a connection by adding a delay, in milliseconds, before each response is sent.
    This feature provides a good way of slowing down an attack and preventing the honeypot from being overloaded.
    Note: Unlike the other time settings, this one is in milliseconds, not seconds.