impost -p 500 -s /path/to/scripts/identd.pl
This will load the Perl script `/path/to/scripts/identd.pl', which is supplied as a sample script in Impost's source directory. After loading the Perl script, Impost will bind a socket to port 500 and act like a honeypot: every time a buffer is received or a connection is made, a subroutine in the Perl script is called, which can be used to control how Impost responds to and communicates with clients.
If a script is not supplied on the command line, Impost will not be able to respond to or communicate with clients; however, it will still be able to detect and analyze suspicious buffers.
impost -p 100 -u 500
Options `-u' and `--unusual' will allow you to do just that. The default value is `256', as configured in the generic configuration script supplied with Impost. The above example will set the "suspect" buffer size to `500' -- no detections will be triggered by buffers under `500' bytes unless they contain valid operation codes.
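The decision rule described above can be sketched as follows. This is an added illustration, not Impost's own code: the function names, the choice of a run of x86 NOP bytes as the stand-in for "valid operation codes", the minimum run length, and the treatment of a buffer of exactly the threshold size as suspect are all assumptions. The sample buffers are constructed.

```python
# Added illustration; not Impost's code. Names and the opcode heuristic are assumptions.
DEFAULT_UNUSUAL = 256   # default "suspect" buffer size stated in the manual

NOP = 0x90              # x86 NOP, assumed stand-in for "valid operation codes"
MIN_NOP_RUN = 16        # assumed minimum run length that counts as an opcode hit


def longest_run(buf: bytes, value: int) -> int:
    """Return the length of the longest consecutive run of `value` in buf."""
    best = cur = 0
    for b in buf:
        cur = cur + 1 if b == value else 0
        best = max(best, cur)
    return best


def classify(buf: bytes, unusual: int = DEFAULT_UNUSUAL) -> list:
    """Return the reasons a buffer would be flagged; an empty list means no detection."""
    reasons = []
    # Size rule: buffers under the threshold never trigger on size alone.
    if len(buf) >= unusual:
        reasons.append("size")
    # Opcode rule: applies regardless of size, so a short buffer can still trigger.
    if longest_run(buf, NOP) >= MIN_NOP_RUN:
        reasons.append("opcodes")
    return reasons


if __name__ == "__main__":
    # Constructed sample buffers, evaluated as with `-u 500`.
    samples = {
        "short login line": b"USER anonymous\r\n",
        "300 bytes of filler": b"A" * 300,
        "short buffer with NOP run": b"\x90" * 32 + b"A" * 100,
        "long buffer with NOP run": b"\x90" * 32 + b"A" * 600,
    }
    for name, buf in samples.items():
        print(f"{name:28s} len={len(buf):4d} -> {classify(buf, unusual=500) or 'clean'}")
```

Raising the threshold removes the size-only hit on the 300-byte buffer, while the short buffer carrying the NOP run is still reported.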
impost --sniff -p 21
This will enable Impost's packet sniffer and watch incoming packets destined for port `21'. Impost will use the first default device found by Libpcap.
You need to set Impost's device setting to your system's local loopback device (for instance, Linux's local loopback device is `lo' and the local loopback device on OpenBSD is `lo0'). You can do this by specifying the `--device' option:
impost --sniff -p 21 --device=lo0
For more info about command-line options:
See section 4. Invoking Impost.