High-interaction SSH honeypot implementation method

Abstract

The invention discloses a high-interaction SSH honeypot implementation method which comprises the following steps: connecting a system SSH port, judging whether SSH service exists or not, and enteringthe next step if the SSH service exists; capturing an authenticated user name/password during password identity authentication by utilizing a logit function and an authctxt structure body in the OpenSSH; after the password is successfully authenticated, modifying related module codes by utilizing the characteristic that SSH service processes client data through a pipeline and a user processing interactive session module, so as to record the shell password; controlling the outflow flow of the honeypot system, including two processes of limiting an external data packet and inhibiting an external attack packet; and analyzing, processing and displaying the data captured by the honeypot system by utilizing a javaweb technology. According to the high-interaction SSH honeypot implementation method, the defects that a passive defense technology cannot be used for SSH attacks which are continuously updated and changed due to valleys, and medium and low interaction SSH honeypots are low in interaction degree, insufficient in decorativeness, easy to be broken and the like can be overcome, and the security defense capability for SSH services is improved.

Description

technical field [0001] The invention specifically relates to a high-interaction SSH honeypot implementation method, which belongs to the technical field of active defense in network information security. Background technique [0002] SSH (Secure Shell) can be used for remote login sessions and provide security services for other network services, and has become an indispensable part of corporate life. With the widespread use of this protocol, there are more and more malicious attacks against this service, which poses a huge challenge to network security. Nowadays, how to deal with malicious attacks against the service and take appropriate protective measures has become an important research topic in SSH service security. According to the attacker's habit of invading the system through the SSH service, real-time monitoring and capture of the attacker's behavior during the attack process, and the extracted intrusion behavior to understand the attack method used by the attacke...

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to overcome the defects of the prior art, provide a kind of SSH attack that can solve the passive defense technology that cannot be continuously updated due to the bottom of the valley, and the interaction degree of the medium and low interaction SSH honeypot is not high and the deception is insufficient. A high-interaction SSH honeypot implementation method to improve the security defense capability of the SSH service by being easily seen through and other defects

Images