impost -p 500 -s /path/to/scripts/identd.pl
This will load the Perl script `/path/to/scripts/identd.pl', which is supplied as a sample script in Impost's source directory. After loading the Perl script, Impost will bind a socket to port 500 and act like a honey pot -- every time a buffer is received or a connection is made, a subroutine in the Perl script will be called, which can be used to control how Impost responds to and communicates with clients.
If a script is not supplied on the command line, Impost will not be able to respond to or communicate with clients; however, it will still be able to detect and analyze suspicious buffers.
impost -p 100 -u 500
Options `-u' and `--unusual' will allow you to do just that. The default value is `256', as configured in the generic configuration script supplied with Impost. The above example will set the "suspect" buffer size to `500' -- no detections will be triggered by buffers under `500' bytes unless they contain valid operation codes.
impost --sniff -p 21
This will enable Impost's packet sniffer and watch incoming packets destined for port `21'. Impost will use the first default device found by Libpcap.
You need to set Impost's device setting to your system's local loopback device (for instance, Linux's local loopback device is `lo' and the local loopback device on OpenBSD is `lo0'). You can do this by specifying the `--device' option:
impost --sniff -p 21 --device=lo0
For more info about command-line options:
See section 4. Invoking Impost.