Skip to content
This repository has been archived by the owner. It is now read-only.
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Honeypot for Router Backdoor (TCP-32764)

This is a first try to mock the router backdoor "TCP32764" found in several router firmwares at the end of 2013. The POC of the backdoor is located at this repository.

A note

This honeypot is not fully compatible to the real backdoor. However, we try to response positive answers for well known tests. Said this, both the poc.py and the web test from Heise recognize this being a real backdoor.

Do not complain about any actions or problems after using this piece of code. Relax, take the time, read it first, and then try it on your own.

Dependencies

NodeJS

How to use (easy start)

  1. git clone https://github.com/knalli/honeypot-for-tcp-32764.git && cd honeypot-for-tcp-32764
  2. npm install
  3. node_modules/.bin/coffee server.coffee

How to use (daemon)

There are two user scripts defined in the package.json which instruments Forever. Simply use npm start to start the server and npm stop to stop the server. The flag -w is used therefor any file changes will effectily restart the server in a second.

How to monitor

There are following user scripts defined for an easy access to the log:

  • npm run-script print-log printing out the log file of the current daemon (started by npm start)
  • npm run-script tail-log tailing out the log file of the current daemon (started by npm start)

Contribution

Yes, if you like.

License

Free for all.

MIT

About

Honeypot for router backdoor (TCP 32764)

Topics

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.