伪主机模型及实现技术

Pseudo Host Model and Implementation Technology

在分析传统蜜罐系统实现技术的基础上,提出一种基于共享宿主机(镜子主机)协议栈且通过协议栈的反射实现数据报接收和发送处理的伪主机模型。在使用伪主机构建的蜜罐系统中,响应针对伪主机请求的诱骗源和伪主机分层管理,降低了蜜罐系统本身被入侵的风险;通过对当前网络中IP资源和主机的端口资源进行全局管理,为网络中已使用的IP地址部署诱骗源。实验结果表明该系统具有较好的诱骗效果。

Based on the analysis of implementation technology of traditional honeypot,this paper presents a pseudo host model,which is used to build honeypot system.All pseudo hosts share the local host’s protocol stack.By the reflection of the stack,pseudo host implement to send and receive packets.The decoy servers separate from the pseudo host,so the risk of the honsypot system to be intruded is decreased.By dynamic manage IP addressed and the ports in LAN,the decoy server also can apply to the IP address that is assigned to a real host.The scan result shows this model can meet the requirements of the honeypot system.