Educause Security Discussion mailing list archives
CommunityHoneyNetwork - Cowrie
From: Max McGrath <mmcgrath () CARTHAGE EDU>
Date: Thu, 17 May 2018 15:16:41 -0500
Hi all - Not sure if this is the proper place for this or not, but I'll try anyways. I'm finally getting around to deploying the CommunityHoneyNetwork honeypot after attending the 'Automating Honeypot Deployment....' session at SPC this year. I've gotten the CHN Server deployed and running: root@chn-server:/usr/local/chnserver# docker-compose ps Name Command State Ports --------------------------------------------------------------------------------------------------- chnserver_chnserver_1 /sbin/runsvdir -P /etc/service Up 0.0.0.0:80 ->80/tcp chnserver_hpfeeds_1 /sbin/runsvdir -P /etc/service Up 10000/tcp chnserver_mnemosyne_1 /sbin/runsvdir -P /etc/service Up 0.0.0.0:10000->10000/tcp, 8181/tcp chnserver_mongodb_1 /sbin/runsvdir -P /etc/service Up 27017/tcp chnserver_redis_1 /sbin/runsvdir -P /etc/service Up 6379/tcp I've also gotten the Cowrie honeypot deployed and (seemingly) connected to the CHN Server: root@Cowrie:/usr/local/chncowrie# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------ chncowrie_cowrie_1 /sbin/runsvdir -P /etc/service Up 0.0.0.0:2222 ->2222/tcp What I can't get to work is having an SSH login on Cowrie to be registered as an attack. Is anybody able (and willing) to lend some guidance? I feel like I'm a bit confused using port 2222 and trying to map it to port 22. Thanks! Max -- Max McGrath <http://www.linkedin.com/in/max-mcgrath-a299124b> Infrastructure and Security Manager Carthage College 262-551-6666 mmcgrath () carthage edu
Current thread:
- CommunityHoneyNetwork - Cowrie Max McGrath (May 17)