Conpot 0.5.0 released

The Conpot development team is proud to announce the 0.5.0 release. Highlights of this release are the support for two new protocols and one additional device. Peter Soóky did a major contribution with support for the BACnet protocol, which is used for building automation and control networks, and support for IPMI, which is used an interface to a computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware and operating system (consider the insights you can get from someone exploiting this). As mentioned in an earlier blog post, we also added support to emulate a Guardian AST device. This is based on the research from Kyle Wilhoit and Stephen Hilt.
Another goal of this release was to improve the ease of deployment. Therefore we added a Docker container template. Thanks to our contributors, we also have documentation on how to run Conpot on CentOS.
To avoid some easy fingerprinting, we added the feature to modify the MAC address of the interface Conpot is listening on. So now your hardware address can match the device manufacturer you are intending to emulate.
As with every other release, we tried to improve our test coverage and code quality in order to increase the honeypots stability.

If you are enjoying Conpot, please consider enabling HPFeeds in order to share data with us. We are also looking for new developers to join, so don’t be shy and get in touch!

Gas Tank Monitoring System Honeypot

The Conpot team is following closely the latest developments in Honeypot research and the methods and technologies used. If you look at the topics presented on security conferences, you might have also noticed an increased interest in ICS security and honeypot technologies in the last two years. One presentation from this years Blackhat’15 conference caught my attention also knowing previous research done by Kyle and Stephen: “The little pump gauge that could: Attacks against gas pump monitoring systems” [link] If you are interested in their findings, I recommend their white paper: “The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems“ [link, pdf] by Kyle Wilhoit and Stephen Hilt from Trend Micro’s Forward-Looking Threat Research team.

So we had the great idea to add exactly that feature to Conpot... Read more »

Get STIX Reports from ICS Honeypot Conpot

The team working on the ICS/SCADA honeypot Conpot, just merged in a more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on Github. Read more »

Introducing Conpot

We proudly announce the first release of our Industrial Control System honeypot named Conpot.

Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications. With implementing a master server for a larger set of common industrial communication protocols and virtual slaves which are easy to configure, we provide an easy entry into the analysis of threats against industrial infrastructures and control systems. Read more »

Syndicate content