Adding Deception ToolKit (DTK) should be done after the other network services are up, because DTK tends to take over every port that is otherwise unused. To start, enter the following commands:
cp -a /usr/local/dtk /tmp
cd /tmp/dtk
./Configure
At this point DTK asks a series of configuration questions. Answer them for your own site; the defaults are usually right, and the bracketed notes in the example session below mark where you must supply your own values. Here is an example of a session:
Copying configure file
Setting paths in files
Install directory (/dtk):[enter]
Making /dtk...Done.
Which perl (/usr/bin/perl):[enter]
Which perl lib directory (/usr/lib/perl5):[enter]
Host information.
Which fully-qualified domainname should I claim (all.net):[use your domain name]
Using [whatever you selected]
Select your real OS from this list (by number) or enter the OS name (Linux):
1) Linux
2) Solaris
3) SunOS
4) HPUX
5) AIX
6) SGI
7) NT
8) Ultrix
9) SCO
Selection:[select 1 here]
OS set to Linux
Select your DECEPTION OS from this list (by number) or enter the OS name (Solaris):
1) Linux
2) Solaris
3) SunOS
4) HPUX
5) AIX
6) SGI
7) NT
8) Ultrix
9) SCO
Selection:[select the type of system you want people to believe you are running]
FAKE_OS set to Linux
Log files
Standard, sYslog, Compressed, or Database format (s/y/c/D)?(2):[enter]
LogFile Format Unchanged (2)
Password for remote retrieval of the DTK log (all-characters-no-spaces)
 - OR - : for no password)
 - OR - O for One Time Pad
 - OR - A for Algorithmic Authentication
 - OR - T for Time-Based Authentication: (!O)?:[enter]
Password set to !O
Maximum input length to log (120)?:[enter]
Maximum Length set to 120
Time (in seconds) between inputs before we act like a core dump (20)?:[enter]
Timeout set to 20
Maximum inputs before we act like a core dump (20)?:[enter]
Loop count set to 20
Send email to (user@all.net)?:[enter YOUR email address here]
Email going to [Your email address]
Updating installation files.. .access.pl.. anonysurf.pl.. clockdrift.pl.. coredump.pl.. date.pl.. expandlog.pl.. Generic.pl.. infocon.pl.. listen.pl.. logging.pl.. md5.pl.. newudplisten.pl.. notify.pl.. oneway.pl.. orders.pl.. passgen.pl.. respond.pl.. smtp.pl.. talk.pl.. tbp.pl.. tcpget.pl.. tcpte
Generate a fake password file based on your password file (Y/n):[enter]
mv: cannot stat `@fake.passwd': No such file or directory
New custom fake password file generated
Done.
Generate an OTP file of 100 mantras (y/n/O):[enter]
Using old OTP file if it exists - otherwise creating new one.
Creating a new one.
cc -o mantra mantra.c
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
New OTP file generated
Done.
Move files in /dtk (Y/n):[enter]
[lots of output...]
Clearing the InfoCon files
Making IP log area
Cleaning up cleanup
Saving dtk.config
Configure completed - please continue with installation per the download.html file
Now that DTK is configured and installed, type the following to start deception services:
cd /dtk
cat dtk.inetd.conf >> /etc/inetd.conf
cat dtk.services >> /etc/services
cat dtk.hosts.allow >> /etc/hosts.allow
/cdrom/sbin/inetd
killall -HUP inetd
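The three `cat ... >>` lines above write straight into system files with no backup and will duplicate their entries if the procedure is run a second time, and because DTK takes every port it is configured for, any entry in dtk.services whose port/proto the live /etc/services already assigns to a real daemon is a collision you want to catch before the append. The script below is an added example and is not DTK's own code: it assumes the dtk.* fragments use the standard `name port/proto` layout of /etc/services, and the file contents in its demonstration are constructed.

```shell
#!/bin/sh
# Added example (not part of DTK): safer versions of the two risky steps above.
#   append_unique      - append a DTK fragment to a system file, keeping a .bak copy
#                        and skipping lines the file already holds, so a second run
#                        does not duplicate inetd/services/hosts.allow entries.
#   services_conflicts - list dtk.services entries whose port/proto is already
#                        assigned to a different name in the existing /etc/services.
# Assumed layout: one "name port/proto [aliases]" entry per line, '#' comments.

# append_unique SRC DEST  -> prints the number of lines actually appended
append_unique() {
    src=$1; dest=$2
    [ -f "$src" ] || { echo "append_unique: missing $src" >&2; return 1; }
    [ -f "$dest" ] || : > "$dest"
    cp -p "$dest" "$dest.bak"              # keep a copy before touching a system file
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac      # skip blanks and comments
        if ! grep -qxF -- "$line" "$dest"; then       # exact whole-line match only
            printf '%s\n' "$line" >> "$dest"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# services_conflicts DTK_SERVICES ETC_SERVICES -> prints each clash, exit 1 if any
services_conflicts() {
    awk -v sys="$2" '
        { sub(/#.*/, "") }                            # drop comments; $0 is re-split
        NF < 2 { next }
        FILENAME == sys { assigned[$2] = $1; next }   # system table: port/proto -> name
        ($2 in assigned) && assigned[$2] != $1 {      # DTK entry on an assigned port
            printf "%s %s is already %s\n", $1, $2, assigned[$2]; n++
        }
        END { exit (n > 0) }
    ' "$2" "$1"
}

# Demonstration on constructed files (real targets would be /etc/services etc.).
demo() {
    d=$(mktemp -d) || return 1
    printf 'ftp 21/tcp\ntelnet 23/tcp\nchargen 19/tcp\n' > "$d/services"
    # constructed DTK fragment; "fakeftp 21/tcp" deliberately collides with ftp
    printf '# DTK fake services\ndtk 365/tcp\nchargen 19/tcp\nfakeftp 21/tcp\n' > "$d/dtk.services"
    services_conflicts "$d/dtk.services" "$d/services" || echo "resolve the clashes above before installing"
    echo "first run appended:  $(append_unique "$d/dtk.services" "$d/services")"
    echo "second run appended: $(append_unique "$d/dtk.services" "$d/services")"
    rm -rf "$d"
}
demo
```

On a real install, run `services_conflicts /dtk/dtk.services /etc/services` first, then use `append_unique /dtk/dtk.inetd.conf /etc/inetd.conf` (and likewise for services and hosts.allow) in place of the bare `cat >>` lines; the `.bak` copies let you back out the change if inetd refuses the new configuration.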
To test operation, try to telnet to the deception IP address on port 365:
telnet localhost chargen
It should connect, wait for some time, then indicate "core dumped" and disconnect.