Start ftp service as passive instead of active

[kounelios13]

Hello. I have the following situation.
I setup a docker container that uses the ftp service of the honeypot . I login to the ftp honeypot and try to perform some actions .

First I do an mkdir FOO that works as expected. After that I do an ls command that returns a 425 data connection failed. After some digging I found out that the honeytrap tries to open an active socket which fails if the honeytrap is containerized (happens both in docker and kubernetes).

Is there a way to configure honeytrap to start as a passive server instead?

[sammynx]

You could try sending the PASVcommand first to the ftp honeypot to enter passive mode.

[kounelios13]

@sammynx . I am out of the office and will try it tomorrow.However I am concerned about the following scenario. Assuming I wanna capture suspicious files that an attacker wants to upload to my ftp service. How will the attacker know they have to use PASV first? I am looking for a way to make this process as transparent as possible for the end users.

Thank you very much for all the work you have put here in the honeytrap