Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Configure Dshield Sensor honeypot to allow http through port 80? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Configure Dshield Sensor honeypot to allow http through port 80?
I have been running the Dshield Sensor honeypot on a raspberry pi for a few days now. It is uploading logs and I can see the reports. I am not able to participate in the 404 Project because I can't get http traffic past the dshield firewall. For example, I know apache2 is running, but it is unable to receive any page requests.

# ps -ef | grep apache
root 10131 22286 0 23:18 pts/0 00:00:00 grep apache
root 12442 1 0 16:28 ? 00:00:02 /usr/sbin/apache2 -k start
www-data 12447 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12448 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12449 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12450 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 12451 12442 0 16:28 ? 00:00:00 /usr/sbin/apache2 -k start

How can I configure Dshield to selectively allow connections through specific ports? Ssh would be another of interest for reporting with other tools.

Thanks in advance!
mrtexasfreedom

1 Posts

Sign Up for Free or Log In to start participating in the conversation!