Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More Industrial Honeypots? #1651

Open
UncleRaymondo opened this issue Sep 7, 2024 · 2 comments
Open

More Industrial Honeypots? #1651

UncleRaymondo opened this issue Sep 7, 2024 · 2 comments
Labels
question stale

Comments

@UncleRaymondo
Copy link

Hi @t3chn0m4g3,

Long time no hear, my friend; I hope you are doing well!

Quickly, I've just deployed the latest TPOT, but I'm not seeing much around the industrial honeypots. I remember back in 2017/2018, I helped reconfigure Conpot to work with other protocols, and I can still see in the config that ports 502 Modbus and 47808 Bacnet are assigned to it but not configured. I then recall the discussion where you were moving to Kamstrup, which I now see as conpot_kamstrup_382.

Is there an easy way to activate these? Is it as easy as copying the template files from https://github.com/mushorg/conpot/tree/master/conpot/templates/default and creating configs and networks for each under the conpot.cfg and other files just like the others are configured?

I have an OT seminar I'm delivering in KSA in a couple of days and it would be good to add more of an industrial flavour to the available honeypots :)

Thanks in advance!

Cheers,
Ray
@github-actions github-actions bot added the no basic support info Please follow the guidelines so we can help label Sep 7, 2024
@t3chn0m4g3
Copy link
Member

Hi @UncleRaymondo,

I have not tried it in a while (I remember we had an issue with it, but I cannot remember what it was), however this would be the service config in docker-compose.yml:

# Conpot default service
  conpot_default:
    container_name: conpot_default
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json
     - CONPOT_LOG=/var/log/conpot/conpot_default.log
     - CONPOT_TEMPLATE=default
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_default
    ports:
     - "69:69/udp"
     - "80:80"
     - "102:102"
     - "161:161/udp"
     - "502:502"
     - "623:623/udp"
     - "21:21"
     - "44818:44818"
     - "47808:47808/udp"
    image: "dtagdevsec/conpot:2404"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot

Hope this helps and good luck for the seminar!

All the best,
Marco.

@t3chn0m4g3 t3chn0m4g3 added question and removed no basic support info Please follow the guidelines so we can help labels Sep 10, 2024
@github-actions GitHub Actions
Copy link

This issue has been marked as stale because it has had no activity for 7 days. If you are still experiencing this issue, please comment or it will be closed in 7 days.

@github-actions github-actions bot added the stale label Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@t3chn0m4g3 @UncleRaymondo