Programming Challenge is Born Again!
New Programming Challenge!
Honeypots, Honeypots Galore!
A honeypot generally is a little server application that sysadmins use to catch hackers and crackers. A few common types are applications that emulate key operating system network services, such as SSH, or production services such as FTP. Spammers usually take joy in using open relay mail servers, as well as open proxies, to send their propoganda out to the masses, while covering their tracks.
Your mission, should you choose to accept it: Write a Honeypot!
Here are the requirements-
• Must emulate a Network Service • Should be built to run on Linux/BSD • Should have a method to start/stop service, (even as simple as .pid files,) • Should handle at least 50 users at one time
And for some rules..
• NO stealing others' work! • NO sending compiled binaries! • NO writing malicious code!
Please keep in mind we also enjoy the spirit of open source software, so here's a little deal for you. You ARE allowed to use open source code in your submission, as long as it is not a major piece of the submission. (You may not have someone elses project be yours with only a few modification.) We like these standards, but we will also be harsh on scoring this. If you decide to use this to your benefit, Private Message thousandtoone or grindordie to ask if what you're doing is appropriate before you submit. You MUST follow the liscence guildlines to a T in order to do this, or you WILL be disqualifed.
The scoring on this challenge will be truly dynamic. Should you write some marvelous masterpiece, you will be rewarded for your work. Here are some examples of areas where you can earn points. You are not limited to these-
• Exotic Language Use - We are opening this up to many languages, (see bottom,) so you could earn a few points for using something like TCL or Ruby instead of PHP. This is only a small bonus. • OOP - Proper Object Oriented Programming Methods. This is a place for a fairly large bonus. Should you choose an OO language, you could earn points by making your application based on a strong, scalable framework. Just putting writing a function and calling it a class doesn't cut it, either. More points could be earned here by utilizing OO to make a cleaner, more efficient application, and cutting out lines of code by using more organization through OO. • User Interface - No, not a GUI, simply a UI. Perhaps you'd like to add command line options to start and stop the service, run in different modes, set new options, etc. Moderate bonus here. • Scalability - Could this be used beneficially? Can it be expanded upon easily? • Useful Protocols - If you choose a fake protocol to mimic, how useful is it in a working environment? Moderate bonus here. • Realism - Can you fool a smart hacker whose only resource is your application? • TCP/IP Realism - To be completely honest, I don't expect anyone here other than Mets0c to be able to properly write a TCP/IP application with its own protocol. Details down to types of information packets, packets that resemble SYN/ACK/FIN, ICMP packets to define connection status, etc. Big big big big points to do this accurately. This is a yes or no deal as well, there is no halfway. I'll kiss you if you accurately use ARP and RARP. • Logging and Backend Functionality - Help the admin out! Log parser would be a nice Win App to go along with this if you want another bonus. • Configuration Files • Client/Server Match - If you choose, you can keep people from using programs like Windows Telnet.. Points if you do correctly. • Compression - If you can compress transfer while still making content readable by at least one client, sweet.
Finally, acceptable languages. This one will be judged by both thousandtoone and grindordie, with mets0c possibly as a second opinion if necessary. Because of this, you are slightly limited on languages, but we'll let you go crazy. Here are languages we are willing to handle- PHP, C, C++, Ruby, Ruby on Rails, Python, TCL, Fortran, Cobol, ICON, Perl, SH, (Any shell scripts if you can pull it off.. ;-) )Basic, (NOT VISUAL ANYTHING, Remember, Linux compatible!) ColdFusion, C#, (.NET is surprisingly okay, as long as its MONO compatible,) and Java. If you have questions about others, PM thousandtoone.
For now, this is all I can think that you'd need. If you have questions, feel free to ask. This is a very scalable challenge, worth as many points as you can code.
EMAIL ALL SUBMISSIONS TO: tony [at] kanago [dot dot dot..] net You should know how to format that right. But if you don't. Emails look like this! :) something@something.com Notice the single dot? Goood.
If you plan on trying this, please post here with any information you'd like to give, such as planned features and your chosen language. You don't have to divulge any information, I'd just like to know who is entering.
Remember, you can do this very simply with PHP. Just google for 'php server sockets' and you can do it nice and easily.
Darth, I'd love to see what you'd do with only shell scripts. I think you're excited for nothing. ;)