Edit Sim Std Server - Relay
Use the Edit Sim Std Server - Relay dialog box to add or edit a Relay definition.
You will find a description of what are Sim Std Servers here.
A Relay server is used to allow visitors to access a service running on another machine.
When a visitor opens a connection to this sim server a second client connection is opened to another service.
All data received from the visitor is logged, then passed directly to the second connection. All data received
from the second connection is also logged and passed to the visitor.
The Relay Sim Server is potentially the most risky part of KFSensor. Use it with care.
It exposes the server it relays to directly to attack and could be used to punch a hole in a firewall.
There are several reasons why you may want to use a Relay Sim Server.
- It is an excellent means of research. You can see exactly how a hacker attacks a real service and how it responds.
- There may be services which you want in your honeypot for which no suitable sim server exists in KFSensor.
Title
- Name
Each Sim Std Server requires a unique name, which is used to identify it.
- Description
A piece of text for notes on what the Sim Std Server aims to support
- Default Port
Most services have standard ports on which visitors expect to find them.
The default port for Relay is 80, but you should set this to the default port of the server you are relaying to.
This is only used as a prompt during configuration of a Listen; a Sim Std Server can be set on
any or many different ports.
- Severity
The severity level that events generated by this Sim Std Server will be given.
This can be overridden as part of the Listen configuration.
Options
These settings control how this Sim Std Server responds to a visitor.
- Time out
The time in seconds that the KFSensor server allows the session to continue for before closing the connection.
- Log style
- Standard
This option puts all the received data in an event's Received field and all the
response data in the Response field.
- Mixed
This option puts a limited amount of the received data in an event's Received field
and put the received data and the response data in the Response field.
- Receive limit
The maximum number of bytes that will be accepted from the visitor before the connection is closed.
- Log response lines
If set to a value greater than zero then a response will be truncated to the specified number of lines when
it is recorded in the log.
- Log response size
If set to a value greater than zero then a response will be truncated to the specified number of bytes when
it is recorded in the log.
- Log receive size
If set to a value greater than zero then a received data will be truncated to the specified number of bytes when
it is recorded in the log.
Relay to
These settings control where this Sim Std Server will open a relay connection.
- Server
The domain name or IP address of the server on which to open the relay connection.
This could be the same machine as KFSensor is running on (e.g. 127.0.01) and even be used to connect to another sim server of KFSensor.
- Port
The domain port number on the server on which to open the Relay connection.
Related Topics
KFSensor On-Line Manual Contents