Educause Security Discussion mailing list archives

CommunityHoneyNetwork - Cowrie


From: Max McGrath <mmcgrath () CARTHAGE EDU>
Date: Thu, 17 May 2018 15:16:41 -0500

Hi all -

Not sure if this is the proper place for this or not, but I'll try anyways.

I'm finally getting around to deploying the CommunityHoneyNetwork honeypot
after attending the 'Automating Honeypot Deployment....' session at SPC
this year.

I've gotten the CHN Server deployed and running:

root@chn-server:/usr/local/chnserver# docker-compose ps
        Name                       Command               State   Ports
---------------------------------------------------------------------------------------------------
chnserver_chnserver_1   /sbin/runsvdir -P /etc/service   Up      0.0.0.0:80->80/tcp
chnserver_hpfeeds_1     /sbin/runsvdir -P /etc/service   Up      10000/tcp
chnserver_mnemosyne_1   /sbin/runsvdir -P /etc/service   Up      0.0.0.0:10000->10000/tcp, 8181/tcp
chnserver_mongodb_1     /sbin/runsvdir -P /etc/service   Up      27017/tcp
chnserver_redis_1       /sbin/runsvdir -P /etc/service   Up      6379/tcp


I've also gotten the Cowrie honeypot deployed and (seemingly) connected to
the CHN Server:

root@Cowrie:/usr/local/chncowrie# docker-compose ps
       Name                     Command               State           Ports
------------------------------------------------------------------------------------
chncowrie_cowrie_1   /sbin/runsvdir -P /etc/service   Up      0.0.0.0:2222->2222/tcp



What I can't get to work is having an SSH login on Cowrie registered
as an attack.  Is anybody able (and willing) to lend some guidance?  I feel
like I'm a bit confused using port 2222 and trying to map it to port 22.

Thanks!

Max

--
Max McGrath  <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-6666
mmcgrath () carthage edu

