Support for central authentication system #389

Open
xandfury opened this issue Aug 7, 2018 · 1 comment

Comments

@xandfury
Collaborator

commented Aug 7, 2018

In order for Conpot to look more realistic to attackers, there should be a central authentication system that provides more consistency. Protocols should be able to query this auth module and verify the user/pass pairs.

Requirements:

  • Pick user/pass pairs from the config.
  • A utility to add a pair of credentials to our auth data structure.
  • A utility to check whether the passed user/pass exists in our data structure.
  • Maintain 'maxcache' for the number of attempts from each source IP. If the attempts exceed the 'maxcache', return False.
  • A random auth class that also tracks source IP address
  • Every new source IP will have to try a random number of times between 'mintry' and 'maxtry' before succeeding in logging in.
  • All username/password combinations must be different.
  • The successful login combination is stored with the IP address.
  • Successful username/password pairs are also cached for 'maxcache' times.
  • Allow access from different IP addresses if a credential pair is accepted.
  • Protocols can use either local scope or global scope to authenticate. For example, the FTP user 'Anonymous' does not exist with any other protocol, hence it should be kept separate.

This should be a core feature and part of the databus. Further, all existing protocols must be refactored to use this, e.g. FTP, SNMP, IPMI etc.

Nice to have:

  • Every user can have a home directory in the ConpotFS.
  • Support for multiple hashing algorithms. This can be optional, but it would be cool if users could directly attach rainbow tables to Conpot.
  • Check and verify using popular brute-forcing tools.

@xandfury xandfury added this to the 0.6.1 milestone Aug 7, 2018
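
One way to read the "random auth class" requirements above, as an added sketch that is not part of the original issue and not Conpot's own code. The class name `RandomAuth`, its method and attribute names, and the interpretation that 'maxcache' bounds both the per-IP attempt budget and the reuse count of an accepted pair are all assumptions; the IP addresses in the usage are constructed.

```python
import random


class RandomAuth:
    """Honeypot login oracle: each new source IP succeeds only after a random
    number of distinct user/pass attempts (illustrative, not Conpot code)."""

    def __init__(self, mintry=2, maxtry=5, maxcache=100, rng=None):
        self.mintry, self.maxtry, self.maxcache = mintry, maxtry, maxcache
        self.rng = rng or random.Random()
        self.needed = {}    # ip -> distinct pairs required before success
        self.tried = {}     # ip -> set of distinct (user, pass) pairs seen
        self.attempts = {}  # ip -> non-cached attempts made so far
        self.accepted = {}  # (user, pass) -> remaining cached uses, any IP
        self.by_ip = {}     # ip -> pair that succeeded for that IP

    def authenticate(self, ip, user, password):
        pair = (user, password)
        if pair in self.accepted:
            # Assumption: an accepted pair works from any IP for maxcache uses.
            self.accepted[pair] -= 1
            if self.accepted[pair] == 0:
                del self.accepted[pair]
            self.by_ip.setdefault(ip, pair)
            return True
        if ip in self.by_ip:
            return False  # only the stored pair is valid for this IP
        self.attempts[ip] = self.attempts.get(ip, 0) + 1
        if self.attempts[ip] > self.maxcache:
            return False  # attempt budget for this source is exhausted
        if ip not in self.needed:
            self.needed[ip] = self.rng.randint(self.mintry, self.maxtry)
            self.tried[ip] = set()
        self.tried[ip].add(pair)  # a repeated pair does not add to the count
        if len(self.tried[ip]) < self.needed[ip]:
            return False
        self.accepted[pair] = self.maxcache
        self.by_ip[ip] = pair
        return True
```

A protocol handler would call `authenticate(source_ip, user, password)` on each login attempt; local versus global scope could be modelled by giving a protocol its own instance or sharing one.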

@xandfury

Collaborator Author

commented Aug 12, 2018

Initial work can be seen here
