diff --git a/docs/content/FAQ/_index.md b/docs/content/FAQ/_index.md index d2738ead1..85c252435 100644 --- a/docs/content/FAQ/_index.md +++ b/docs/content/FAQ/_index.md @@ -26,7 +26,7 @@ Below are some of the most common questions we receive about the Infection Monke - [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent) - [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network) - [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen) -- [How can I limit Monkey's propagation through the network?](#how-can-i-limit-monkeys-propagation-through-the-network) +- [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network) - [How can I get involved with the project?](#how-can-i-get-involved-with-the-project) ## Where can I get the latest version of the Infection Monkey? @@ -225,40 +225,42 @@ This is sometimes caused when Monkey Island is installed with an old version of - **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). - **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work. -## How can I limit Monkey's propagation through the network? +## Can I limit how the Infection Monkey propagates through my network? -In order to limit Monkey's ability to propagate through the network you can: +In order to limit how the Infection Monkey is able to propagate through your network, you can: -#### Set a propagation depth +#### Adjust the scan depth -Setting a propagation depth means that the monkey will spread user-provided number of hops from patient zero. If we set -propagation depth to 1, the Monkey will spread only one hop from patient zero. Propagation depth does not limit the number of +The scan depth limits the number of hops that the Infection Monkey agent will spread from patient zero. If +the scan depth is set to 1, the agent will spread only 1 hop from patient zero. Scan depth does not limit the number of devices, just the number of hops. -- **Example**: Propagation depth is set to 2. Host A scans the network and finds host B, C, D and E. -Monkey successfully propagates from Host A to Host C. Since the propagation depth is 2. Monkey will pivot -from Host C, continue to scan the network and attempt to propagate machines. If Host C successfully breaches -Host E, it will not pivot further and it will not continue to attempt propagation. +- **Example**: Scan depth is set to 2. _Host A_ scans the network and finds hosts _B, C, D_ and _E_. +The Infection Monkey agent successfully propagates from _Host A_ to _Host C_. Since the scan depth is 2, the agent will pivot +from _Host C_ and continue to scan other machines on the network. If _Host C_ successfully breaches +_Host E_, it will not pivot further and it will not continue to scan or propagate. -![What is propagation depth](/images/faq/propagation_depth_diagram.png "What is propagation depth") +![What is scan depth](/images/faq/propagation_depth_diagram.png "What is scan depth") -#### Allow/Block IP list +#### Enable/disable scanning the local subnet +Settings that define how the Infection Monkey will scan the network can be found in `Configuration -> Network`. By default each agent will scan its entire local subnet. +This behavior can be disabled by unchecking the `Local network scan` button. -In `Monkey Configuration -> Network` we can specify how Monkey will scan the network. By default Monkey scans the entire subnet. -That can be changed by unchecking the `Local network scan` button. -Additionally, the Monkey scans the network based on the **Allow IPs list** in the `Scan target list` section. All IPs that are specified in that -section Monkey will be allowed to scan and try to propagate to. -On top of this, we can add a list of IPs that Monkey will not scan at all under `Blocked IPs` section. +#### Add IPs to the IP allow list + +The Infection Monkey agents attempt to scan any hosts that are specified in the `Configuration -> Network -> Scan target list` section. + +#### Add IPs to the IP block list + +If there are any hosts on your network that you would like to prevent the Infection Monkey from scanning or exploiting, they can be added to list of "Blocked IPs" in `Configuration -> Network -> Blocked IPs`. #### Specify max number of victims to find/exploit -Under `Monkey Configuration -> Internal -> Monkey` we can specify two numbers which are limiting Monkey's propagation. +Two settings in `Configuration -> Internal -> Monkey` allow you to further limit the Infection Monkey's propagation: -- **Max victims to find**: this number limits the number of machines that the monkey is allowed to scan. If monkey finds more -machines then what is specified it will not try to scan them. The default number is 100 machines. -- **Max victims to exploit**: this number limits the number of machines that the monkey is allowed to successfully exploit. -Setting this number too high may result in the monkey propagating to a high number of machines. The default number is 100 machines. +- **Max victims to find**: This limits the total number of machines that the Infection Monkey is allowed to scan. +- **Max victims to exploit**: This limits the number of machines that the Infection Monkey is allowed to successfully exploit. ## How can I get involved with the project?