forked from p34709852/monkey
Docs: Edits to monkey propagation FAQ section
This commit is contained in:
parent
faef27a7d1
commit
cd937802d7
|
@ -26,7 +26,7 @@ Below are some of the most common questions we receive about the Infection Monke
|
|||
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
|
||||
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
|
||||
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
|
||||
- [How can I limit Monkey's propagation through the network?](#how-can-i-limit-monkeys-propagation-through-the-network)
|
||||
- [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network)
|
||||
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
|
||||
|
||||
## Where can I get the latest version of the Infection Monkey?
|
||||
|
@ -225,40 +225,42 @@ This is sometimes caused when Monkey Island is installed with an old version of
|
|||
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
|
||||
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
|
||||
|
||||
## How can I limit Monkey's propagation through the network?
|
||||
## Can I limit how the Infection Monkey propagates through my network?
|
||||
|
||||
In order to limit Monkey's ability to propagate through the network you can:
|
||||
In order to limit how the Infection Monkey is able to propagate through your network, you can:
|
||||
|
||||
#### Set a propagation depth
|
||||
#### Adjust the scan depth
|
||||
|
||||
Setting a propagation depth means that the monkey will spread user-provided number of hops from patient zero. If we set
|
||||
propagation depth to 1, the Monkey will spread only one hop from patient zero. Propagation depth does not limit the number of
|
||||
The scan depth limits the number of hops that the Infection Monkey agent will spread from patient zero. If
|
||||
the scan depth is set to 1, the agent will spread only 1 hop from patient zero. Scan depth does not limit the number of
|
||||
devices, just the number of hops.
|
||||
|
||||
- **Example**: Propagation depth is set to 2. Host A scans the network and finds host B, C, D and E.
|
||||
Monkey successfully propagates from Host A to Host C. Since the propagation depth is 2. Monkey will pivot
|
||||
from Host C, continue to scan the network and attempt to propagate machines. If Host C successfully breaches
|
||||
Host E, it will not pivot further and it will not continue to attempt propagation.
|
||||
- **Example**: Scan depth is set to 2. _Host A_ scans the network and finds hosts _B, C, D_ and _E_.
|
||||
The Infection Monkey agent successfully propagates from _Host A_ to _Host C_. Since the scan depth is 2, the agent will pivot
|
||||
from _Host C_ and continue to scan other machines on the network. If _Host C_ successfully breaches
|
||||
_Host E_, it will not pivot further and it will not continue to scan or propagate.
|
||||
|
||||
![What is propagation depth](/images/faq/propagation_depth_diagram.png "What is propagation depth")
|
||||
![What is scan depth](/images/faq/propagation_depth_diagram.png "What is scan depth")
|
||||
|
||||
|
||||
#### Allow/Block IP list
|
||||
#### Enable/disable scanning the local subnet
|
||||
Settings that define how the Infection Monkey will scan the network can be found in `Configuration -> Network`. By default each agent will scan its entire local subnet.
|
||||
This behavior can be disabled by unchecking the `Local network scan` button.
|
||||
|
||||
In `Monkey Configuration -> Network` we can specify how Monkey will scan the network. By default Monkey scans the entire subnet.
|
||||
That can be changed by unchecking the `Local network scan` button.
|
||||
Additionally, the Monkey scans the network based on the **Allow IPs list** in the `Scan target list` section. All IPs that are specified in that
|
||||
section Monkey will be allowed to scan and try to propagate to.
|
||||
On top of this, we can add a list of IPs that Monkey will not scan at all under `Blocked IPs` section.
|
||||
#### Add IPs to the IP allow list
|
||||
|
||||
The Infection Monkey agents attempt to scan any hosts that are specified in the `Configuration -> Network -> Scan target list` section.
|
||||
|
||||
#### Add IPs to the IP block list
|
||||
|
||||
If there are any hosts on your network that you would like to prevent the Infection Monkey from scanning or exploiting, they can be added to list of "Blocked IPs" in `Configuration -> Network -> Blocked IPs`.
|
||||
|
||||
#### Specify max number of victims to find/exploit
|
||||
|
||||
Under `Monkey Configuration -> Internal -> Monkey` we can specify two numbers which are limiting Monkey's propagation.
|
||||
Two settings in `Configuration -> Internal -> Monkey` allow you to further limit the Infection Monkey's propagation:
|
||||
|
||||
- **Max victims to find**: this number limits the number of machines that the monkey is allowed to scan. If monkey finds more
|
||||
machines then what is specified it will not try to scan them. The default number is 100 machines.
|
||||
- **Max victims to exploit**: this number limits the number of machines that the monkey is allowed to successfully exploit.
|
||||
Setting this number too high may result in the monkey propagating to a high number of machines. The default number is 100 machines.
|
||||
- **Max victims to find**: This limits the total number of machines that the Infection Monkey is allowed to scan.
|
||||
- **Max victims to exploit**: This limits the number of machines that the Infection Monkey is allowed to successfully exploit.
|
||||
|
||||
|
||||
## How can I get involved with the project?
|
||||
|
|
Loading…
Reference in New Issue