This is a first try to mock the router backdoor "TCP32764" found in several router firmwares at the end of 2013. The POC of the backdoor is located at this repository.
This honeypot is not fully compatible to the real backdoor. However, we try to response positive answers for well known tests. Said this, both the poc.py and the web test from Heise recognize this being a real backdoor.
Do not complain about any actions or problems after using this piece of code. Relax, take the time, read it first, and then try it on your own.
NodeJS
git clone https://github.com/knalli/honeypot-for-tcp-32764.git&&cd honeypot-for-tcp-32764npm installnode_modules/.bin/coffee server.coffee
There are two user scripts defined in the package.json which instruments Forever. Simply use npm start to start the server and npm stop to stop the server. The flag -w is used therefor any file changes will effectily restart the server in a second.
There are following user scripts defined for an easy access to the log:
npm run-script print-logprinting out the log file of the current daemon (started bynpm start)npm run-script tail-logtailing out the log file of the current daemon (started bynpm start)
Yes, if you like.
Free for all.
MIT