Honeypot for Router Backdoor (TCP-32764)
This is a first attempt at mocking the router backdoor "TCP32764" found in several router firmwares at the end of 2013. The PoC for the backdoor is located at this repository.
This honeypot is not fully compatible with the real backdoor. However, we try to give positive answers to well-known tests. That said, both poc.py and the web test from Heise recognize it as a real backdoor.
Do not complain about any actions or problems after using this piece of code. Relax, take the time, read it first, and then try it on your own.
How to use (easy start)
git clone https://github.com/knalli/honeypot-for-tcp-32764.git&&
How to use (daemon)
There are two user scripts defined in package.json that drive Forever. Simply use npm start to start the server and npm stop to stop the server. The -w flag is used, so any file change will effectively restart the server in a second.
How to monitor
The following user scripts are defined for easy access to the log:
npm run-script print-log: prints the log file of the current daemon (started by
npm run-script tail-log: tails the log file of the current daemon (started by
Yes, if you like.
Free for all.