Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Configure Dshield Sensor honeypot to allow http through port 80? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Configure Dshield Sensor honeypot to allow http through port 80?
I have been running the Dshield Sensor honeypot on a raspberry pi for a few days now. It is uploading logs and I can see the reports. I am not able to participate in the 404 Project because I can't get http traffic past the dshield firewall. For example, I know apache2 is running, but it is unable to receive any page requests.

# ps -ef | grep apache
root 10131 22286 0 23:18 pts/0 00:00:00 grep apache
root 12442 1 0 16:28 ? 00:00:02 /usr/sbin/apache2 -k start
www-data 12447 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12448 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12449 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12450 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12451 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start

How can I configure Dshield to selectively allow connections through specific ports? Ssh would be another of interest for reporting with other tools.

Thanks in advance!
mrtexasfreedom

1 Posts

Sign Up for Free or Log In to start participating in the conversation!