DTK currently has the following components:

* Generic.pl – a generic interface that works via TCP wrappers to service incoming requests.
* listen.pl – a port listener that listens on a port and forks slave processes to handle each inbound attempt.
* logging.pl – the subroutines and initialization for logging what happens.
* respond.pl – the subroutine for responding based on ‘response’ file content.
* notify.pl – a sample program to notify administrators of known attacks by email.
* coredump.c – produces a coredump message on a port (what a fakeout).
* deception.c – working on a C version of the program – don’t even think about compiling it yet.
* makefile – makes the C programs into executables – truly trivial.
* [nn].response – the responder finite state machine for each port. This takes some understanding of finite state machines and will be detailed later in this document.
* @[nn].[something] – a response file for non-trivial outputs.
* @fake.passwd – a fake password file that nobody will ever be able to decode.
* expandlog.pl – expands compressed logfiles into a more readable form.

How does it work?

DTK simply listens for inputs and provides responses that seem normal (i.e., full of bugs). In the process, it logs what is being done, provides sensible (if not quite perfect) answers, and lulls the attacker into a false sense of (your) insecur