A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
This project is part of a BA thesis. It is currently in a pre-alpha state.
Kernel/libc requirements: Cgroups, Namespaces (UTS, IPC, PID, NET, CGROUPS)
Required: libssh, pthread
Optional: libseccomp
A chroot'able directory that contains an executable named '/bin/sh'.
Build:
./autogen.sh
./configure
make
Run:
Example:
./src/potd --redirect 0.0.0.0:2222:127.0.0.1:22222
--protocol 127.0.0.1:22222:127.0.0.1:33333
--jail 127.0.0.1:33333
This will process, filter and redirect all traffic incoming from 0.0.0.0:2222 to the protocol handler at 127.0.0.1:22222 and if the protocol accepts it, it will forward all traffic to the jail/sandbox at 127.0.0.1:33333.
(clunky atm, will be simplified in the future)
Do not forget to set the --rootfs <directory>
which contains an executable /bin/sh
.
see ./src/potd --help
The ssh server currently supports only shell channels. But exec and direct-tcp channels are coming soon!
Supported protocols (at the moment):
Protocols to implement:
Suits perfect for your favoured Desktop/Server/OpenWrt Linux system.