Protocols Don't work #512

Open
mohamedali1252 opened this issue Feb 22, 2022 · 3 comments
mohamedali1252 commented Feb 22, 2022

Hello all,
I have more than one issue; maybe they are basic questions, but I am new to this community.
1- Whenever I use the SSH-Simulator protocol and log in to the SSH, no command is supported. Why is that, or is it only specific commands, just to decrease the danger of the attacks?
2- When I add a new protocol such as FTP or Telnet in the config file and restart honeytrap, and then use it that way (using: telnet <ip_address>, or ftp <ip_address>), it doesn't appear in the log file. Any ideas why that happens?
(Note: I use the same syntax as in the documentation.)
Thanks in advance.

@mohamedali1252 mohamedali1252 changed the title Protocols Doesn't work Protocols Don't work Feb 23, 2022
Collaborator

sammynx commented Feb 24, 2022

To answer your questions:

  1. It's in the name: it is a simulator, there is no real system behind it. The main point is that it answers and will be seen as an open SSH port. You wanna see if it gets attacked and how, and that wouldn't be the case if no SSH was detected. Btw, with a honeypot you want to increase the danger of attacks, not decrease it. Since it is a simulation there is no danger to your own system.
  2. Honeytrap creates events of actions in services like FTP; they are not in the logs, see https://docs.honeytrap.io/channels/
    If you use the example there, the FTP and Telnet events will be printed on the screen.

Author

mohamedali1252 commented Feb 24, 2022

> To answer your questions:
>
>   1. It's in the name: it is a simulator, there is no real system behind it. The main point is that it answers and will be seen as an open SSH port. You wanna see if it gets attacked and how, and that wouldn't be the case if no SSH was detected. Btw, with a honeypot you want to increase the danger of attacks, not decrease it. Since it is a simulation there is no danger to your own system.
>   2. Honeytrap creates events of actions in services like FTP; they are not in the logs, see https://docs.honeytrap.io/channels/
>     If you use the example there, the FTP and Telnet events will be printed on the screen.

But the main problem for me is that it doesn't connect to FTP or Telnet despite adding them in the config file, and when I use nmap to see the open ports I don't see the ports that I added to the config file. Only the SSH-Simulator appears in the open ports when using 8022, and if I change that port to 8026, for example, it doesn't appear in the open ports using nmap. I think it is something with getting honeytrap in Docker using the run command the first time. I use this command (docker run -p 8022:8022 --name honeyTrap -d honeytrap/honeytrap:latest), so I think I should add the ports that I will use, such as 22 and 23, am I right?
Thanks for the response.

Collaborator

sammynx commented Feb 24, 2022

Yes you're right, you need to expose the ports in docker.
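
An added example (not part of the thread and not Honeytrap project code): a small Python check that compares the ports a container's services listen on with what a `docker run` command actually publishes, which is the mismatch discussed above. The `docker run` line is the one quoted in the thread; the FTP and Telnet listen ports (21, 23) and the function names are assumptions made for illustration.

```python
import shlex

def container_ports(spec):
    """Expand one -p value ([ip:][hostPort:]containerPort[-end][/proto])
    into a set of (container_port, proto) tuples."""
    body, _, proto = spec.partition("/")
    cport = body.rsplit(":", 1)[-1]          # last field is the container side
    lo, _, hi = cport.partition("-")         # optional port range
    return {(p, proto or "tcp") for p in range(int(lo), int(hi or lo) + 1)}

def published_ports(docker_run_cmd):
    """Collect every container port published by -p / --publish flags."""
    args = shlex.split(docker_run_cmd)
    specs, i = [], 0
    while i < len(args):
        a = args[i]
        if a in ("-p", "--publish") and i + 1 < len(args):
            specs.append(args[i + 1])
            i += 1
        elif a.startswith("--publish="):
            specs.append(a.split("=", 1)[1])
        elif a.startswith("-p") and not a.startswith("--") and len(a) > 2:
            specs.append(a[2:])              # attached form: -p8022:8022
        i += 1
    ports = set()
    for s in specs:
        ports |= container_ports(s)
    return ports

def unpublished(docker_run_cmd, listen_ports):
    """Ports the services listen on inside the container that the host
    never forwards, so nmap and clients cannot reach them."""
    return sorted(set(listen_ports) - published_ports(docker_run_cmd))

# Command quoted in the thread.
CMD = "docker run -p 8022:8022 --name honeyTrap -d honeytrap/honeytrap:latest"
# Constructed sample: 8022 is from the thread, 21 and 23 are assumed
# listen ports for the added FTP and Telnet services.
LISTEN = [(8022, "tcp"), (21, "tcp"), (23, "tcp")]

if __name__ == "__main__":
    for port, proto in unpublished(CMD, LISTEN):
        print(f"not published: {proto}/{port} (add -p {port}:{port})")
```
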
