![]() ![]() The Dream Machine logs output from the honeypot in the Threat Management Dashboard, under the ‘Honey Pot’ tab. The Nmap scan above is exactly what the honeypot was designed to detect. A few services seem to provide a mocked interface, such as Telnet: > telnet Debian GNU/Linux 8 login: Password: Login incorrect Threat Management Dashboard The device icon indicates the UniFi model (not all icons are. Other services, such as HTTP, seem to just forward on to the router’s web interface (we are not entirely sure this is a good idea!). Some common services do not respond or connect as you would expect: SSH, FTP, and SMTP clients would not connect. Not shown: 65516 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 80/tcp open http 110/tcp open pop3 443/tcp open https 445/tcp open microsoft-ds 1433/tcp open ms-sql-s 2222/tcp open EtherNetIP-1 6789/tcp open ibm-db2-admin 8000/tcp open http-alt 8080/tcp open http-proxy 8443/tcp open https-alt 8843/tcp open unknown 8880/tcp open cddbp-alt 8900/tcp open jmb-cds1 8901/tcp open jmb-cds2 26636/tcp open unknown The port scan returned the following: Nmap scan report x.x.x.x Host is up (0.000063s latency). Run a WiFi scanning utility and pick the least congested channel. The OS Scan revealed the following information: Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Fix: Device config page (JSON view) Fix: Unknown device images. Under settings if you’re not there already go ahead and click Site. This includes ports from 1–65535 with OS detection enabled: nmap -p 1-65535 -T4 -A -v Head over to your Ubiquiti UniFi Network Controller in the web browser and on the left hand side go to Settings at the bottom. ![]() Our initial Nmap scan was an ‘intense scan’ targeting all TCP ports. Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing To quickly identify which ports are open on the honeypot we used NMAP. It’s as simple as that! Tasting the Honey You’ll need to SSH in to the device as there is no option within the GUI for disabling discovery. Save the settings, and you now have a honeypot running on your network. I’ll get straight in to it for those simply here to find out how to disable the service. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |