Docs: Edits to monkey propagation FAQ section

This commit is contained in:
Mike Salvatore 2021-09-27 12:42:46 -04:00
parent faef27a7d1
commit cd937802d7
1 changed files with 24 additions and 22 deletions

View File

@ -26,7 +26,7 @@ Below are some of the most common questions we receive about the Infection Monke
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent) - [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network) - [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen) - [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
- [How can I limit Monkey's propagation through the network?](#how-can-i-limit-monkeys-propagation-through-the-network) - [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network)
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project) - [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
## Where can I get the latest version of the Infection Monkey? ## Where can I get the latest version of the Infection Monkey?
@ -225,40 +225,42 @@ This is sometimes caused when Monkey Island is installed with an old version of
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). - **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work. - **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
## How can I limit Monkey's propagation through the network? ## Can I limit how the Infection Monkey propagates through my network?
In order to limit Monkey's ability to propagate through the network you can: In order to limit how the Infection Monkey is able to propagate through your network, you can:
#### Set a propagation depth #### Adjust the scan depth
Setting a propagation depth means that the monkey will spread user-provided number of hops from patient zero. If we set The scan depth limits the number of hops that the Infection Monkey agent will spread from patient zero. If
propagation depth to 1, the Monkey will spread only one hop from patient zero. Propagation depth does not limit the number of the scan depth is set to 1, the agent will spread only 1 hop from patient zero. Scan depth does not limit the number of
devices, just the number of hops. devices, just the number of hops.
- **Example**: Propagation depth is set to 2. Host A scans the network and finds host B, C, D and E. - **Example**: Scan depth is set to 2. _Host A_ scans the network and finds hosts _B, C, D_ and _E_.
Monkey successfully propagates from Host A to Host C. Since the propagation depth is 2. Monkey will pivot The Infection Monkey agent successfully propagates from _Host A_ to _Host C_. Since the scan depth is 2, the agent will pivot
from Host C, continue to scan the network and attempt to propagate machines. If Host C successfully breaches from _Host C_ and continue to scan other machines on the network. If _Host C_ successfully breaches
Host E, it will not pivot further and it will not continue to attempt propagation. _Host E_, it will not pivot further and it will not continue to scan or propagate.
![What is propagation depth](/images/faq/propagation_depth_diagram.png "What is propagation depth") ![What is scan depth](/images/faq/propagation_depth_diagram.png "What is scan depth")
#### Allow/Block IP list #### Enable/disable scanning the local subnet
Settings that define how the Infection Monkey will scan the network can be found in `Configuration -> Network`. By default each agent will scan its entire local subnet.
This behavior can be disabled by unchecking the `Local network scan` button.
In `Monkey Configuration -> Network` we can specify how Monkey will scan the network. By default Monkey scans the entire subnet. #### Add IPs to the IP allow list
That can be changed by unchecking the `Local network scan` button.
Additionally, the Monkey scans the network based on the **Allow IPs list** in the `Scan target list` section. All IPs that are specified in that The Infection Monkey agents attempt to scan any hosts that are specified in the `Configuration -> Network -> Scan target list` section.
section Monkey will be allowed to scan and try to propagate to.
On top of this, we can add a list of IPs that Monkey will not scan at all under `Blocked IPs` section. #### Add IPs to the IP block list
If there are any hosts on your network that you would like to prevent the Infection Monkey from scanning or exploiting, they can be added to list of "Blocked IPs" in `Configuration -> Network -> Blocked IPs`.
#### Specify max number of victims to find/exploit #### Specify max number of victims to find/exploit
Under `Monkey Configuration -> Internal -> Monkey` we can specify two numbers which are limiting Monkey's propagation. Two settings in `Configuration -> Internal -> Monkey` allow you to further limit the Infection Monkey's propagation:
- **Max victims to find**: this number limits the number of machines that the monkey is allowed to scan. If monkey finds more - **Max victims to find**: This limits the total number of machines that the Infection Monkey is allowed to scan.
machines then what is specified it will not try to scan them. The default number is 100 machines. - **Max victims to exploit**: This limits the number of machines that the Infection Monkey is allowed to successfully exploit.
- **Max victims to exploit**: this number limits the number of machines that the monkey is allowed to successfully exploit.
Setting this number too high may result in the monkey propagating to a high number of machines. The default number is 100 machines.
## How can I get involved with the project? ## How can I get involved with the project?