Educause Security Discussion mailing list archives
CommunityHoneyNetwork - Cowrie
From: Max McGrath <mmcgrath () CARTHAGE EDU>
Date: Thu, 17 May 2018 15:16:41 -0500
Hi all -
Not sure if this is the proper place for this or not, but I'll try anyways.
I'm finally getting around to deploying the CommunityHoneyNetwork honeypot
after attending the 'Automating Honeypot Deployment....' session at SPC
this year.
I've gotten the CHN Server deployed and running:
root@chn-server:/usr/local/chnserver# docker-compose ps
Name Command State
Ports
---------------------------------------------------------------------------------------------------
chnserver_chnserver_1 /sbin/runsvdir -P /etc/service Up 0.0.0.0:80
->80/tcp
chnserver_hpfeeds_1 /sbin/runsvdir -P /etc/service Up 10000/tcp
chnserver_mnemosyne_1 /sbin/runsvdir -P /etc/service Up
0.0.0.0:10000->10000/tcp, 8181/tcp
chnserver_mongodb_1 /sbin/runsvdir -P /etc/service Up 27017/tcp
chnserver_redis_1 /sbin/runsvdir -P /etc/service Up 6379/tcp
I've also gotten the Cowrie honeypot deployed and (seemingly) connected to
the CHN Server:
root@Cowrie:/usr/local/chncowrie# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------
chncowrie_cowrie_1 /sbin/runsvdir -P /etc/service Up 0.0.0.0:2222
->2222/tcp
What I can't get to work is having an SSH login on Cowrie to be registered
as an attack. Is anybody able (and willing) to lend some guidance? I feel
like I'm a bit confused using port 2222 and trying to map it to port 22.
Thanks!
Max
--
Max McGrath <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-6666
mmcgrath () carthage edu
Current thread:
- CommunityHoneyNetwork - Cowrie Max McGrath (May 17)

