DTK V0.3
DTK V0.3 is a substantially improved and enhanced version of DTK. It
extends the previous deception techniques with automated, programmable
response capabilities that allow systems to be reconfigured automatically
when under attack; remote retrieval of deception logs from networked hosts,
for big-picture detection and analysis of attack patterns; an improved
installation procedure for more common operating environments; and a new
database interface that lets logfile information be loaded into and
analyzed by a database program.
DTK V0.3 is freely available for individual and research use and may be
inexpensively licensed for corporate or government use. It can be
distributed and redistributed without royalty, provided that all copyright
notices are left intact and no corporate or for-profit use is made of it.
There is one non-corporate exception to this free license to use DTK.
Anybody that uses it to attack systems or find weaknesses for others to
exploit or does anything else with DTK that tends to produce inconvenience
for non-attackers, is required to pay a royalty of US$250 per copy to me -
including a fee, of course, for each updated copy, backup copy, other copy
made, copy seen, used, or whatever else. Crime costs.
Those who use and like DTK for defense are encouraged to send $3 per
computer with DTK installed (or more if you really like it a lot) to me
(check or money order would do nicely) to support this good work, or to send
improvements and updates, deception scripts that detect new attacks, and so
forth. If they are useful, we will include them - subject of course to the
same copyrights, terms, and conditions used in the rest of DTK.
The official home of DTK is at http://all.net. Comments are invited
(send nice things to fc@all.net - complaints and harassment go to
nobody@nowhere.org).
New in DTK V0.3
New features in version 0.3 include:
- Respond.pl has been augmented to provide state-, service-, and
situation-based InfoCon levels for flexible response options. In future
versions, we hope to integrate this with modifications to the hosts.allow
file used by TCP Wrappers. This will allow DTK to automatically scale up
defenses, shut down unnecessary services, and alter deceptions when attacks
are underway or when the overall network situation indicates that attacks are
likely (using the InfoCon concepts being debated within the U.S. Federal
government). A time-based response reduction process also scales defenses
back automatically as attacks wane, so that when the attacks or the overall
threat level subside, normal operations and low-priority services can
resume.
- The response to port 365 (the deception port) has been augmented to
allow a password to be used to retrieve the DTK log file. Eventually, this
will be cryptographically secured, but for now the password is sent in
plaintext, so both the password and the logs it protects should be treated
as readable by anyone able to observe that traffic. This feature allows you
to retrieve deception logs remotely through the use of a password and, in
effect, lets you manage detection for a whole network from a central
management system.
- A "database" format for DTK logs has been added to permit log files to
feed directly into standard SQL databases, Microsoft database products, and
other database formats. This allows automated analysis of detection rates,
report generation, and central database analysis of networks using DTK for
deception.
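To make the InfoCon response idea concrete, here is an added model of how a state-, service- and situation-based level with time-based reduction can be driven from deception detections. It is illustration code written for this page, not DTK's Respond.pl; the level names, the per-service evidence weights, the evidence-per-step threshold, the decay interval and the per-level service sets are all assumptions chosen for the example.

```python
"""Model of state-, service- and situation-based InfoCon response with
time-based reduction.  Added illustration, not DTK's Respond.pl; every
level name, weight and timing below is an assumption for the example."""
from dataclasses import dataclass

LEVELS = ["NORMAL", "ALPHA", "BRAVO", "CHARLIE", "DELTA"]   # assumed ladder

# Assumed evidence weight per service: a hit on a deception-only service is a
# strong signal, a failed login on a real service is medium, noise is weak.
WEIGHT = {"deception": 3, "telnet": 2, "ftp": 2, "smtp": 1, "finger": 1}

# Assumed services kept running at each level; low-priority ones are shed
# first, and nothing but deceptions stays up at the top level.
SERVICES = {
    "NORMAL":  {"telnet", "ftp", "smtp", "finger", "daytime", "chargen"},
    "ALPHA":   {"telnet", "ftp", "smtp", "finger"},
    "BRAVO":   {"telnet", "ftp", "smtp"},
    "CHARLIE": {"smtp"},
    "DELTA":   set(),
}


@dataclass
class InfoCon:
    step: int = 5            # assumed evidence needed to go up one level
    decay: float = 600.0     # assumed seconds of quiet per level step down
    floor: int = 0           # situation-based minimum level (index)
    level: int = 0
    score: int = 0
    marker: float = 0.0      # time of the last event or the last decay step

    def tick(self, now):
        """Time-based reduction: one level down per `decay` seconds of quiet,
        never below the situation floor."""
        steps = int((now - self.marker) // self.decay)
        if steps > 0:
            self.level = max(self.floor, self.level - steps)
            self.score = 0
            self.marker += steps * self.decay   # keep partial quiet time
        return self.state()

    def observe(self, now, service):
        """State- and service-based escalation: a detection on `service` at
        time `now` adds its weight; each full `step` raises the level."""
        self.tick(now)
        self.score += WEIGHT.get(service, 1)
        while self.score >= self.step and self.level < len(LEVELS) - 1:
            self.score -= self.step
            self.level += 1
        self.marker = now
        return self.state()

    def set_situation(self, name):
        """Situation-based floor (e.g. a network-wide alert): the level may
        rise above it but will not decay below it until cleared."""
        self.floor = LEVELS.index(name)
        self.level = max(self.level, self.floor)
        return self.state()

    def clear_situation(self):
        self.floor = 0
        return self.state()

    def state(self):
        """Current level name and the set of services that stay enabled."""
        name = LEVELS[self.level]
        return name, frozenset(SERVICES[name])


if __name__ == "__main__":
    ic = InfoCon()
    for t in (0, 1, 2):                  # constructed: three telnet hits
        print(ic.observe(t, "telnet"))
    print(ic.observe(10, "deception"))   # constructed: deception port probed
    print(ic.observe(20, "deception"))
    print(ic.tick(20 + 2 * 600))         # twenty quiet minutes: back to NORMAL
```

The `state()` result is the hook where a real integration would rewrite hosts.allow or stop and start services; the example stops at computing which services each level permits.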
DTK V0.2
Augments DTK V0.1 to add deception for most of the commonly used services
(telnet, ftp, smtp, chargen, daytime, NTP, finger, http, gopher, and others).
It also has an easier installation procedure and several other enhancements
that you can read about below. DTK is increasingly effective at reducing the
threat from 90% of today's attackers.
New in DTK V0.2
New features in version 0.2 include:
- A greatly improved installation program (Configure).
- Installation in any directory on the system.
- Automatically generated deceptive password files from your internal
password file if desired.
- No operational dependencies on programs like grep and cat.
- More services with better deceptions.
- Support for boot-time installation of DTK in place of inetd where appropriate.
- Service-by-service customization of timeouts and maximum session duration.