Charles Steinkuehler's LEAF/LRP Website

[ Home ] [ Up ] [ Contents ] [ Links ] [ Search ] [ Contribute ] [ Mirrors ] [ c0wz mirrror ] [ Support ]

LaBrea
[ bind-8 ] [ dhclient ] [ dhcpd ] [ dnscache ] [ Extended Scripts ] [ Hard Disk Addon ] [ ifconfig ] [ IPSec 1.91 ] [ LaBrea ] [ LCDProc ] [ LRP-CD ] [ mawk ] [ nmap ] [ RAID ] [ ramdisk ] [ sniffit ] [ thttpd ] [ Utilities ] [ webalizer ] [ weblet/sh-httpd ]

DOWNLOAD

LaBrea is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.

DOWNLOAD

LaBrea 2.2
File	Protocol	Speed	Site
LaBrea.lrp	http	Fast	LEAF Sourceforge site
LaBrea.lrp	http	Slow	Local download

CONFIG

IMPORTANT! For backups to work properly, you must use LaBrea in the LRP= line of your kernel parameters, not labrea (note case sensitivity).
Startup parameters are in the init script: /etc/init.d/LaBrea
Edit /etc/LaBreaExclude and /etc/LaBreaHardExclude as required

MAN PAGES

LaBrea.README

NOTES

Read the documentation, above, and make sure you know what you're doing before using this program!
On my firewall (Dachstein 2.2.19 kernel), the interface LaBrea is using drops out of promiscuous mode when LaBrea starts up (a known bug with some systems), so there's a call to ifconfig in the init script (saddly, you cannot set promiscous mode with the ip command). You may need to download ifconfig (see the utilities page), or comment the ifconfig call in the init script. Check your log to verify the interface is staying in promiscuous mode. My log looks like:
```
krypton /usr/sbin/LaBrea: Initiated on interface eth0   <- LaBrea started by init script
krypton kernel: eth0: Promiscuous mode enabled.
krypton kernel: device eth0 entered promiscuous mode
krypton kernel: eth0: Promiscuous mode enabled.
krypton kernel: device eth0 left promiscuous mode       <- eth0 leaving promiscuous mode
krypton kernel: eth0: Promiscuous mode enabled.         <- This is the ifconfig call
krypton kernel: device eth0 entered promiscuous mode
```

FILES

10/05/01  10:24          43,638  LaBrea.lrp

-rw------- root/root         0 Oct 05 10:23 2001 etc/LaBreaExclude
-rw-r--r-- root/root         0 Oct 05 10:23 2001 etc/LaBreaHardExclude
-rwxr-xr-x root/root       650 Oct 04 16:51 2001 etc/init.d/LaBrea
-rwxr-xr-x root/root     76956 Oct 04 17:53 2001 usr/sbin/LaBrea
-rw------- root/root       144 Oct 05 09:42 2001 var/lib/lrpkg/LaBrea.conf
-rw-r--r-- root/root     20106 Oct 04 13:48 2001 var/lib/lrpkg/LaBrea.help
-rw-r--r-- root/root        69 Oct 04 16:45 2001 var/lib/lrpkg/LaBrea.list
-rw-r--r-- root/root         4 Oct 04 13:41 2001 var/lib/lrpkg/LaBrea.version

SOURCE

LaBrea2_2.tgz

Charles Steinkuehler's LEAF/LRP Website

DOWNLOAD

CONFIG

MAN PAGES

NOTES

FILES

SOURCE

Local Web Statistics Send feedback about this web site. Last modified: December 04, 2001

Local Web Statistics
Send feedback about this web site.
Last modified: December 04, 2001