Conpot – An Open Industrial Control Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systemsDocumentationThe build of the documentations source can be found here. There you will also find the instructions on how to install conpot and the FAQ.Easy install using DockerVia a pre-built imageInstall DockerRun docker pull honeynet/conpotRun docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp –network=bridge honeynet/conpot:latest /bin/shFinally run conpot -f –template defaultNavigate to http://MY_IP_ADDRESS to confirm the setup.Build docker image from sourceInstall DockerClone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/dockerRun docker build -t conpot .Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 –network=bridge conpotNavigate to http://MY_IP_ADDRESS to confirm the setup.Build from source and run with docker-composeInstall docker-composeClone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/dockerBuild the image with docker-compose buildTest if everything is running correctly with docker-compose upPermanently run as a daemon with docker-compose up -dSample output::# conpot –template default _ ___ ___ ___ ___ ___| |_ | _| . | | . | . | _| |___|___|_|_| _|___|_| |_| Version 0.6.0 MushMush Foundation 2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar2018-08-09 19:13:15,100 Please wait while the system copies all specified files2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.2018-08-09 19:13:15,175 Found and enabled (‘modbus’, ) protocol.2018-08-09 19:13:15,177 Found and enabled (‘s7comm’, <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.2018-08-09 19:13:15,178 Found and enabled (‘http’, <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.2018-08-09 19:13:15,179 Found and enabled (‘snmp’, <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.2018-08-09 19:13:15,181 Found and enabled (‘bacnet’, <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.2018-08-09 19:13:15,182 Found and enabled (‘ipmi’, <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.2018-08-09 19:13:15,185 Found and enabled (‘enip’, <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.2018-08-09 19:13:15,199 Found and enabled (‘ftp’, <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.2018-08-09 19:13:15,206 Found and enabled (‘tftp’, <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped. 2018-08-09 19:13:15,206 Modbus server started on: (‘0.0.0.0’, 5020) 2018-08-09 19:13:15,206 S7Comm server started on: (‘0.0.0.0’, 10201) 2018-08-09 19:13:15,207 HTTP server started on: (‘0.0.0.0’, 8800) 2018-08-09 19:13:15,402 SNMP server started on: (‘0.0.0.0’, 16100) 2018-08-09 19:13:15,403 Bacnet server started on: (‘0.0.0.0’, 47808) 2018-08-09 19:13:15,403 IPMI server started on: (‘0.0.0.0’, 6230) 2018-08-09 19:13:15,403 handle server PID [23183] running on (‘0.0.0.0’, 44818) 2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 1397536723090642018-08-09 19:13:15,404 FTP server started on: (‘0.0.0.0’, 2121) 2018-08-09 19:13:15,404 Starting TFTP server at (‘0.0.0.0’, 6969)Intro videoDownload Conpot

Link: http://feedproxy.google.com/~r/PentestTools/~3/Khos5GRsxrw/conpot-open-industrial-control-honeypot.html

Shodan, Apache, ICS, and Controllers – Paul’s Security Weekly #579

How to use the Shodan search engine to secure an enterprise’s internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with Basic, and avoidable mistakes! Paul’s Stories How to use the Shodan search engine to secure an enterprise’s internet presence […]
The post Shodan, Apache, ICS, and Controllers – Paul’s Security Weekly #579 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/6MbmuPLSPnY/

ICS – Enterprise Security Weekly #102

Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure. We used several on-site interviews and briefings with solutions providers at Blackhat as a basis for this segment. Recorded live at the Security Weekly pool cabana in Las Vegas! Visit http://securityweekly.com/esw for all the latest episodes!
The post ICS – Enterprise Security Weekly #102 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/EzvhDy8NcSQ/

Corey Thuen, Gravwell – Enterprise Security Weekly #100

Corey Thuen is a founder of Gravwell and has spent over a decade in ICS (OT), IT, and IoT security. That experience is now driving development of a full-stack analytics platform built to solve modern analytics problems of the IoT age. Full Show NotesVisit http://securityweekly.com/esw for all the latest episodes!
The post Corey Thuen, Gravwell – Enterprise Security Weekly #100 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/hwvMs4vx_hs/

Corey Thuen, Gravwell – Enterprise Security Weekly #99

Corey Thuen is a founder of Gravwell and has spent over a decade in ICS (OT), IT, and IoT security. That experience is now driving development of a full-stack analytics platform built to solve modern analytics problems of the IoT age. Full Show NotesVisit http://securityweekly.com/esw for all the latest episodes!
The post Corey Thuen, Gravwell – Enterprise Security Weekly #99 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/hwvMs4vx_hs/