Method and system for implementing honeypot based on Nginx

Abstract

The invention discloses a method and a system for implementing a honeypot based on Nginx, which belong to the technical field of computer network security. The method includes the following steps: a configuration module configures at least one honeypot service path in an Nginx server; a blacklist service system generates and stores a blacklist to enable an LUA script module embedded into the Nginxserver to be loaded to the memory of the Nginx server at a fixed time, wherein the LUA script module communicates with the blacklist service system through a communication protocol; the LUA script module obtains the current access record of the at least one honeypot service path, and determines whether the IP address of the current client included in the current access record is contained in thelatest blacklist in the memory of the Nginx server; and if the result is yes, honeypot service will be provided for the current client, otherwise, honeypot service will not be provided for the currentclient. According to the embodiments of the invention, only a specified client can access the honeypot service, and unified, flexible and safe honeypot deployment is realized.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a method and system for implementing a Nginx-based honeypot. Background technique [0002] Honeypot technology is essentially a technology to deceive the attacker. By arranging some hosts, network services or information as bait, it induces the attacker to attack them, so as to capture and analyze the attack behavior. Therefore, the honeypot It is a targeted service that only needs to guide the attacker into the honeypot, and ordinary users do not need to visit it. At the same time, the closer the honeypot is to the business, the higher its authenticity and exposure rate, and the greater the attraction rate to attackers. Honeypots are mainly divided into low-interaction, high-interaction and sticky honeypots (Tarpits). [0003] Traditional honeypots are deployed under the second-level domain name of the target site or on the C-segment address of the target ser...

AI Technical Summary

Problems solved by technology

If the WEB honeypot is deployed under the second-level domain name, after the attacker enters the honeypot and controls the WEB service of the honeypot, it may cause a secondary attack in which Cookies are stolen due to the same-origin policy, so the honeypot is very unsafe. control

Since many servers provide services based on VPS hosts on the cloud, the IP address segments of the same enterprise are not uniform, and may not all be in the same C segment, so honeypots deployed based on C segment IP addresses and independent IP addresses are not targeted and very It is difficult to attract real targeted attackers; moreover, under normal circumstances, the deployment of honeypots is complicated and the flexibility is low. It is difficult to carry out secondary transformation and adjustment after deployment. The deployment cost is high, and it is difficult to deploy large-scale honeypots.

Images