This section provides information on deployable Low-Interactive-Active-Defense-Services (LIADS) HTTP/HTTPS-based services with configurable options and logging:

HTTP (Basic-Auth)

Emulates an HTTP service running on the server with a basic login page. By default, the service is configured to run on 'TCP/80', any connection attempts made with the service are logged and alerted.

• Log data captured include "Source-IP, Destination-IP, URI, User-Agent, Username/Password used during login attempt", which can be used during analysis by the analyst.

• Service options that can be configured:

  • Service Port, Banner/Version, Template

CITRIX ADC (HTTPS)

Emulates a CITRIX HTTPS service running on the server with the CITRIX portal page. By default, the service is configured to run on 'TCP/443', any connection attempts made with the service are logged and alerted.

• Log data captured include "Source-IP, Destination-IP, URI, User-Agent, Username/Password used during login attempt".

• Service options that can be configured as needed.

  • Port, Banner/Version

CISCO ASA (HTTPS)

Emulates a running Cisco Adaptive Security Appliance (ASA) HTTP service on the server. By default, the service is configured to run on 'TCP/8443', any connection attempts made with the service are logged and alerted.

• Log data captured include "Source-IP, Destination-IP, URI, User-Agent".

• Though the service does not require additional configuration, the service port can be reconfigured as needed.