docs: Add faq for limiting monkey propagation

Ilija Lazoroski 2021-09-27 15:40:31 +02:00
parent 96c525d656
commit faef27a7d1
2 changed files with 37 additions and 0 deletions

@ -26,6 +26,7 @@ Below are some of the most common questions we receive about the Infection Monke
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent) - [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network) - [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen) - [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
- [How can I limit Monkey's propagation through the network?](#how-can-i-limit-monkeys-propagation-through-the-network)
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project) - [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
## Where can I get the latest version of the Infection Monkey? ## Where can I get the latest version of the Infection Monkey?
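Review bot: The new table-of-contents entry says "Monkey's propagation" while the entries around it say "the Infection Monkey" or "the Infection Monkey agents"; use the same product name here, and in the matching heading and anchor, so the FAQ reads consistently. The entry would also be easier to find directly below the "propagate "deeper" into the network" question, since both are about how far the agent spreads.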
@ -224,6 +225,42 @@ This is sometimes caused when Monkey Island is installed with an old version of
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). - **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work. - **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
## How can I limit Monkey's propagation through the network?
In order to limit Monkey's ability to propagate through the network you can:
#### Set a propagation depth
Setting a propagation depth means that the monkey will spread user-provided number of hops from patient zero. If we set
propagation depth to 1, the Monkey will spread only one hop from patient zero. Propagation depth does not limit the number of
devices, just the number of hops.
- **Example**: Propagation depth is set to 2. Host A scans the network and finds host B, C, D and E.
Monkey successfully propagates from Host A to Host C. Since the propagation depth is 2. Monkey will pivot
from Host C, continue to scan the network and attempt to propagate machines. If Host C successfully breaches
Host E, it will not pivot further and it will not continue to attempt propagation.
![What is propagation depth](/images/faq/propagation_depth_diagram.png "What is propagation depth")
#### Allow/Block IP list
In `Monkey Configuration -> Network` we can specify how Monkey will scan the network. By default Monkey scans the entire subnet.
That can be changed by unchecking the `Local network scan` button.
Additionally, the Monkey scans the network based on the **Allow IPs list** in the `Scan target list` section. All IPs that are specified in that
section Monkey will be allowed to scan and try to propagate to.
On top of this, we can add a list of IPs that Monkey will not scan at all under `Blocked IPs` section.
#### Specify max number of victims to find/exploit
Under `Monkey Configuration -> Internal -> Monkey` we can specify two numbers which are limiting Monkey's propagation.
- **Max victims to find**: this number limits the number of machines that the monkey is allowed to scan. If monkey finds more
machines then what is specified it will not try to scan them. The default number is 100 machines.
- **Max victims to exploit**: this number limits the number of machines that the monkey is allowed to successfully exploit.
Setting this number too high may result in the monkey propagating to a high number of machines. The default number is 100 machines.
## How can I get involved with the project? ## How can I get involved with the project?
Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information. Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information.
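Review bot: The "Allow/Block IP list" section does not say whether the allow list restricts scanning or only adds to it. "Additionally, the Monkey scans the network based on the Allow IPs list" reads as additive, so a reader who fills in the list but leaves `Local network scan` checked may believe propagation is confined while, by this same text, the entire subnet is still scanned by default. For a FAQ whose purpose is limiting propagation, state explicitly which combination of settings confines the agent to the listed IPs, and what happens when an address appears in both the allow list and `Blocked IPs`. In "Max victims to find", the text says the number limits machines the agent may scan and then that machines found beyond the limit are not scanned; say whether the limit counts discovered or scanned hosts. Smaller points: the sub-headings jump from `##` to `####`; "Since the propagation depth is 2. Monkey will pivot" is split into a fragment; "attempt to propagate machines" is missing "to other"; "more machines then what is specified" should use "than"; and "monkey" and "Monkey" are capitalised inconsistently.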

Binary file not shown.
