Appendix A: Fake Daemons(1)
I found these two fake daemons (Sendmail and Telnet(19)) at packetstorm.securify.com once. They're great to fool attackers and to play tricks on your friends.
These are Perl (a programming language) programs.
To execute them (no, executing a file doesn't have anything to do with killing it...) on Unix, simply type ./filename and replace filename with the name of the file you wish to execute. Every Unix "flavor", "distribution" or whatever you want to call it, comes with Perl (I think. Correct me if I'm wrong: barakirs@netvision.net.il).
To execute them under DOS/Windows, you have to download Active Perl from www.activeperl.com and then simply double click them.
I don't know how to execute them under Mac. I guess Active Perl supports Macs, but I'm not sure.
Now, on to the fake daemons.
These two daemons came in a single package together with a readme file. Following are all three files. I did not alter any of those files, it's up to you to do so. Play with them and learn.
Oh, by the way, if you wish to learn Perl (or any other programming language), head off to http://blacksun.box.sk and find the books section.
Enjoy!
== Readme ==
heh.. this piece is no way serious, but if anyone thinks it would be cool to
keep working on the piece, drop a line with your ideas. We may develop it
further. ;-). I basically coded it just for fun, when I had a few spare
minutes.
The piece is supposed to be `want-to-be-Windog-Deception-toolkit' which
contains sample sendmail.pl and telnetd.pl which are supposed to be fake
sendmail and telnet daemons. To run this code you will need to download
and install perl for windoze. (I used active perl from
http://www.activeware.com to test it).
Hope you will have fun with it
C.P.
fygrave@tigerteam.net
Sun May 23 17:12:51 KGST 1999
== End of Readme ==
-- [ SendmailD ] -- #editor's note: SendmailD stands for Sendmail Daemon(1), just like TelnetD stands for Telnet Daemon, and so on.
#!/usr/bin/perl
# Fake sendmail daemon: listens on port 25, sends a Sendmail-style banner,
# greets EHLO and rejects every other command, logging what the client tried.
use strict;
use warnings;
use Socket;

my $port     = 25;
my $hostname = "booga.com";   # does windog have gethostbyname?
my $banner   = "220 boogaa.com ESMTP Sendmail 8.6.1/8.5.0\r\n";   # date should also be here
my $fail     = "500 Command unrecognized:";

my $protocol = getprotobyname('tcp');   # TCP protocol number for socket()
socket(S, AF_INET, SOCK_STREAM, $protocol) || die "socket: $!";
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1) || die "setsockopt: $!";
bind(S, sockaddr_in($port, INADDR_ANY)) || die "bind: $!";
listen(S, 10) || die "listen: $!";
select(S); $| = 1; select(STDOUT);   # unbuffered writes to the listening socket

while (1) {
    my $addr = accept(NS, S) || die "accept: $!";
    select(NS); $| = 1; select(STDOUT);   # unbuffered writes to the client
    #
    # here we should fork. but damn windog doesn't support this. crap.
    # Any ideas?
    my ($peerport, $inetaddr) = sockaddr_in($addr);
    my $ipaddr = inet_ntoa($inetaddr);
    print "connected from $ipaddr\n";
    print NS $banner;
    while (<NS>) {
        s/\r?\n\z//;   # strip the client's line ending before echoing it back
        if (/EHLO/i) {
            print NS "Hello $ipaddr. nice to meet you\r\n";
        } else {
            print NS "$fail $_\r\n";
            print "tried $_\n";
        }
    }
    print "$ipaddr disconnected\n";
    close(NS);
}
-- [ End of SendmailD ] --
-- [ TelnetD ] --
#!/usr/bin/perl
# Fake telnet daemon: listens on port 23, shows a System V login prompt and
# answers every username/password pair with "login incorrect", logging each try.
use strict;
use warnings;
use Socket;

my $port     = 23;
my $login    = "\r\nlogin:";
my $password = "password:";
my $banner   = "\r\n\r\nUnix(r) System V Release 4.0 (brooder)\r\n";
my $fail     = "login incorrect.\r\n";

my $protocol = getprotobyname('tcp');   # TCP protocol number for socket()
socket(S, AF_INET, SOCK_STREAM, $protocol) || die "socket: $!";
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1) || die "setsockopt: $!";
bind(S, sockaddr_in($port, INADDR_ANY)) || die "bind: $!";
listen(S, 10) || die "listen: $!";
select(S); $| = 1; select(STDOUT);   # unbuffered writes to the listening socket

while (1) {
    my $addr = accept(NS, S) || die "accept: $!";
    select(NS); $| = 1; select(STDOUT);   # unbuffered writes to the client
    #
    # here we should fork. but damn windog doesn't support this. crap.
    # Any ideas?
    my ($peerport, $inetaddr) = sockaddr_in($addr);
    my $ipaddr = inet_ntoa($inetaddr);
    print "connected from $ipaddr\n";
    print NS $banner;
    print NS $login;
    while (<NS>) {
        s/\r?\n\z//;   # username without the client's line ending
        print "attempt to log in as $_\n";
        print NS $password;
        my $ll = <NS>;
        last unless defined $ll;   # client hung up before sending a password
        $ll =~ s/\r?\n\z//;
        sleep 5;   # make every guess cost the client five seconds
        print "tried password $ll. Login incorrect is given\n";
        print NS $fail;
        print NS $login;
    }
    print "$ipaddr disconnected\n";
    close(NS);
}
-- [ End of TelnetD ] --
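The readme asks how the daemons should serve more than one client at a time. As an added example that is not part of the original package, here is the telnet decoy rewritten to fork one child per connection using IO::Socket::INET, appending every login attempt to a timestamped log so the attempts can be reviewed later. It assumes a Unix perl (fork is only emulated on Windows perls and was not tested there); the port, defaulting to 2323 so it runs without root, and the log path decoy.log are assumptions.

```perl
#!/usr/bin/perl
# Added example: forking telnet decoy with timestamped logging.
use strict;
use warnings;
use IO::Socket::INET;
use POSIX qw(strftime);

my $port    = $ARGV[0] || 2323;   # assumed: unprivileged port for testing
my $logfile = 'decoy.log';        # assumed path; change as needed
my $banner  = "\r\n\r\nUnix(r) System V Release 4.0 (brooder)\r\n";

# Reap finished children automatically so they do not linger as zombies.
$SIG{CHLD} = 'IGNORE';

my $server = IO::Socket::INET->new(
    LocalPort => $port, Proto => 'tcp', Listen => 10, ReuseAddr => 1,
) or die "listen on $port: $!";

while (my $client = $server->accept) {
    my $peer = $client->peerhost;
    my $pid  = fork;
    die "fork: $!" unless defined $pid;
    if ($pid) { close $client; next; }   # parent: back to accept()
    close $server;                       # child: serve this client only
    log_event($peer, 'connected');
    $client->autoflush(1);
    print $client $banner;
    while (1) {
        print $client "\r\nlogin: ";
        my $user = <$client>;
        last unless defined $user;       # client hung up
        print $client "password: ";
        my $pass = <$client>;
        last unless defined $pass;
        s/\r?\n\z// for $user, $pass;    # drop the client's line endings
        sleep 5;                         # every guess costs five seconds
        log_event($peer, "login user=$user pass=$pass");
        print $client "login incorrect.\r\n";
    }
    log_event($peer, 'disconnected');
    close $client;
    exit 0;
}

# Append one "timestamp peer message" line to the log file.
sub log_event {
    my ($peer, $msg) = @_;
    open my $fh, '>>', $logfile or die "open $logfile: $!";
    print $fh strftime('%Y-%m-%dT%H:%M:%S', localtime), " $peer $msg\n";
    close $fh;
}
```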