So, as I go down the path of playing with MHN, I did an external scan of the Dionaea honeypot I recently put up and found that Nmap easily picked out the fact that it was running Dionaea. Since I am working on trying to capture some payloads, I knew I had to do something to disguise it better. I followed this post and was able to change it up. I may look into building this into the deploy package in the near future.
Now I wait. 🙂
PORT     STATE SERVICE      VERSION
21/tcp   open  ftp          Dionaea honeypot ftpd
22/tcp   open  ssh          (protocol 2.0)
80/tcp   open  http?
135/tcp  open  msrpc?
443/tcp  open  ssl/https?
445/tcp  open  microsoft-ds Dionaea honeypot smbd
1433/tcp open  ms-sql-s     Dionaea honeypot MS-SQL server
3306/tcp open  mysql        MySQL 5.0.54
5060/tcp open  sip          (SIP end point; Status: 200 OK)

PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           ProFTPD 1.2.9
22/tcp   open  ssh           (protocol 2.0)
80/tcp   open  http?
135/tcp  open  msrpc?
443/tcp  open  ssl/https?
445/tcp  open  microsoft-ds?
1433/tcp open  ms-sql-s?
3306/tcp open  mysql         MySQL 5.0.54
5060/tcp open  sip           (SIP end point; Status: 200 OK)
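A re-scan check for the change shown in the two scans above, as an added example that is not part of the original post: it parses both service tables and reports which ports stopped naming the honeypot and which still do. The function names (`parse_services`, `exposed`, `compare`) are assumptions made for this illustration; the scan text is the output shown above.

```python
import re

# One service row of an `nmap -sV` table: PORT/PROTO STATE SERVICE [VERSION]
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Scan output as shown in the post: first scan, then the scan after the change.
BEFORE = """\
PORT     STATE SERVICE      VERSION
21/tcp   open  ftp          Dionaea honeypot ftpd
22/tcp   open  ssh          (protocol 2.0)
80/tcp   open  http?
135/tcp  open  msrpc?
443/tcp  open  ssl/https?
445/tcp  open  microsoft-ds Dionaea honeypot smbd
1433/tcp open  ms-sql-s     Dionaea honeypot MS-SQL server
3306/tcp open  mysql        MySQL 5.0.54
5060/tcp open  sip          (SIP end point; Status: 200 OK)
"""
AFTER = """\
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           ProFTPD 1.2.9
22/tcp   open  ssh           (protocol 2.0)
80/tcp   open  http?
135/tcp  open  msrpc?
443/tcp  open  ssl/https?
445/tcp  open  microsoft-ds?
1433/tcp open  ms-sql-s?
3306/tcp open  mysql         MySQL 5.0.54
5060/tcp open  sip           (SIP end point; Status: 200 OK)
"""

def parse_services(scan_text):
    """Return {port: (service, version)} for every open port in the table."""
    services = {}
    for line in scan_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(3) == "open":
            services[int(m.group(1))] = (m.group(4), m.group(5) or "")
    return services

def exposed(services, marker="honeypot"):
    """Ports whose version fingerprint contains the marker string."""
    return sorted(p for p, (_, v) in services.items() if marker in v.lower())

def compare(before, after):
    """Summarise what changed between two scans of the same sensor."""
    b, a = parse_services(before), parse_services(after)
    changed = {p: (b[p], a[p]) for p in sorted(b.keys() & a.keys()) if b[p] != a[p]}
    return {"fixed": sorted(set(exposed(b)) - set(exposed(a))),
            "still_exposed": exposed(a), "changed": changed}
```

Running `compare(BEFORE, AFTER)` after each configuration change gives a quick pass/fail: an empty `still_exposed` list means no version string in the new scan names the honeypot.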
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec