rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Running a ICS/SCADA Honeypot on a Raspberry Pi

Fri Jul 10, 2015 5:01 pm

I have always wanted to run a ICS/SCADA honeypot but I knew I could never afford real ICS/SCADA hardware. Now I can run a ICS/SCADA honeypot thanks to a honeypot called conpot. Here is a link to the conpot website. http://conpot.org/
If anyone else wants to try conpot here is a link to the instructions to install conpot http://mushorg.github.io/conpot/install ... ebian.html
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
Jednorozec
Posts: 809
Joined: Sun Nov 24, 2013 2:17 pm
Location: Deposit, NY

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Fri Jul 10, 2015 6:11 pm

The most important leg of a three legged stool is the one that's missing.
It's called thinking. Why don't you try it sometime?

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Fri Jul 10, 2015 7:41 pm

What level of interaction is the conpot honeypot? Have the been any audits done to the conpot source code?
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2158
Joined: Thu Jul 11, 2013 2:37 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Fri Jul 10, 2015 11:56 pm

What do you understand by the terms ICS and SCADA?
Rockets are loud.
https://astro-pi.org

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 2:26 am

SCADA is a technology that lets a person control equipment remotely and are used in places like airports, nuclear facilities and other such places. Here is a definition from tech target. SCADA (supervisory control and data acq ... ng alarms.
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
bobstro
Posts: 193
Joined: Wed Feb 05, 2014 6:48 am
Location: Central Massachusetts, US
Contact: Website

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 3:16 am

How far have you gotten following the instructions? What are you trying to emulate?

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 4:25 am

I am trying to emulate ether a nuclear reactor or a power plant. Which ever is easier I will pick. I have ran this command

Code: Select all

sudo apt-get install git libsmi2ldbl smistrip libxslt1-dev python-dev libevent-dev
but should I run these commands

Code: Select all

sudo apt-get install python-pip
sudo pip install argparse
?
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 4:36 am

One part I don't like about con pot is that it makes you install non free version of snmp-mibs-downloader. I don't like that so I was thinking that I should install con pot on Ubuntu mate running on my pi 2B.
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

marked
Posts: 218
Joined: Fri Jul 29, 2011 4:25 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 6:55 am

I take it this system is going nowhere near a live internet?

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Jul 11, 2015 2:05 pm

It could be put on the internet but I won't until my honeypot gets it's own dedicated network.
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sun Jul 12, 2015 12:16 am

I first ran this command

Code: Select all

sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev
and it ran fine but then I tried to install conpot with this command

Code: Select all

sudo pip install conpot
I got an error.

Code: Select all

Welcome to Ubuntu 15.04 (GNU/Linux 3.18.0-20-rpi2 armv7l)

 * Documentation:  https://help.ubuntu.com/

2 packages can be updated.
0 updates are security updates.

Last login: Sat Jul 11 20:09:45 2015 from 192.168.1.103
[email protected]:~$ clear

[email protected]:~$ sudo pip install conpot
[sudo] password for anonymous: 
Downloading/unpacking conpot
  Downloading Conpot-0.4.0.tar.gz (97kB): 97kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/conpot/setup.py) egg_info for package conpot
    
Downloading/unpacking gevent>=1.0 (from conpot)
  Downloading gevent-1.0.2.tar.gz (1.7MB): 1.7MB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/gevent/setup.py) egg_info for package gevent
    
Downloading/unpacking pysnmp>=4.2.4 (from conpot)
  Downloading pysnmp-4.2.5.tar.gz (225kB): 225kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/pysnmp/setup.py) egg_info for package pysnmp
    
Requirement already satisfied (use --upgrade to upgrade): lxml in /usr/lib/python2.7/dist-packages (from conpot)
Downloading/unpacking bottle (from conpot)
  Downloading bottle-0.12.8.tar.gz (69kB): 69kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/bottle/setup.py) egg_info for package bottle
    
Downloading/unpacking jinja2 (from conpot)
  Downloading Jinja2-2.7.3.tar.gz (378kB): 378kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/jinja2/setup.py) egg_info for package jinja2
    
    warning: no files found matching '*' under directory 'custom_fixers'
    warning: no previously-included files matching '*' found under directory 'docs/_build'
    warning: no previously-included files matching '*.pyc' found under directory 'jinja2'
    warning: no previously-included files matching '*.pyc' found under directory 'docs'
    warning: no previously-included files matching '*.pyo' found under directory 'jinja2'
    warning: no previously-included files matching '*.pyo' found under directory 'docs'
Downloading/unpacking beautifulsoup4 (from conpot)
  Downloading beautifulsoup4-4.4.0-py2-none-any.whl (81kB): 81kB downloaded
Requirement already satisfied (use --upgrade to upgrade): requests in /usr/lib/python2.7/dist-packages (from conpot)
Downloading/unpacking sphinx (from conpot)
  Downloading Sphinx-1.3.1-py2.py3-none-any.whl (1.3MB): 1.3MB downloaded
Downloading/unpacking libtaxii>=1.1.0 (from conpot)
  Downloading libtaxii-1.1.106.tar.gz (132kB): 132kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/libtaxii/setup.py) egg_info for package libtaxii
    
    warning: no files found matching 'README.md'
    warning: no previously-included files matching '*.pyc' found under directory 'docs'
    warning: no previously-included files matching '*.pyo' found under directory 'docs'
    no previously-included directories found matching 'docs/_build'
Downloading/unpacking MySQL-python (from conpot)
  Downloading MySQL-python-1.2.5.zip (108kB): 108kB downloaded
  Running setup.py (path:/tmp/pip-build-3xfyDP/MySQL-python/setup.py) egg_info for package MySQL-python
    sh: 1: mysql_config: not found
    Traceback (most recent call last):
      File "<string>", line 17, in <module>
      File "/tmp/pip-build-3xfyDP/MySQL-python/setup.py", line 17, in <module>
        metadata, options = get_config()
      File "setup_posix.py", line 43, in get_config
        libs = mysql_config("libs_r")
      File "setup_posix.py", line 25, in mysql_config
        raise EnvironmentError("%s not found" % (mysql_config.path,))
    EnvironmentError: mysql_config not found
    Complete output from command python setup.py egg_info:
    sh: 1: mysql_config: not found

Traceback (most recent call last):

  File "<string>", line 17, in <module>

  File "/tmp/pip-build-3xfyDP/MySQL-python/setup.py", line 17, in <module>

    metadata, options = get_config()

  File "setup_posix.py", line 43, in get_config

    libs = mysql_config("libs_r")

  File "setup_posix.py", line 25, in mysql_config

    raise EnvironmentError("%s not found" % (mysql_config.path,))

EnvironmentError: mysql_config not found

----------------------------------------
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip-build-3xfyDP/MySQL-python
Storing debug log for failure in /home/anonymous/.pip/pip.log
[email protected]:~$ 
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Mon Jul 13, 2015 8:21 pm

I have fixed that error now I am getting this error. sudo conpot --template default

_
___ ___ ___ ___ ___| |_
| _| . | | . | . | _|
|___|___|_|_| _|___|_|
|_|

Version 0.4.0
Glastopf Project

2015-07-12 09:17:07,191 Starting Conpot using template: /usr/local/lib/python2.7/dist-packages/conpot/templates/default
2015-07-12 09:17:07,192 Starting Conpot using configuration found in: /usr/local/lib/python2.7/dist-packages/conpot/conpot.cfg
2015-07-12 09:17:07,251 Starting new HTTP connection (1): www.telize.com
2015-07-12 09:17:07,510 Fetched 208.58.43.151 as external ip.
Traceback (most recent call last):
File "/usr/local/bin/conpot", line 331, in <module>
main()
File "/usr/local/bin/conpot", line 260, in main
server = server_class(protocol_template, root_template_directory, args)
File "/usr/local/lib/python2.7/dist-packages/conpot/protocols/modbus/modbus_server.py", line 34, in __init__
self._configure_slaves(template)
File "/usr/local/lib/python2.7/dist-packages/conpot/protocols/modbus/modbus_server.py", line 41, in _configure_slaves
slave = self.add_slave(slave_id)
File "/usr/local/lib/python2.7/dist-packages/modbus_tk/modbus.py", line 889, in add_slave
return self._databank.add_slave(slave_id, unsigned)
TypeError: add_slave() takes exactly 2 arguments (3 given)
[email protected]:~$
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 3:30 pm

I have been looking on Google and have tried to fix this problem but I can't find a solution. Please help! :(
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
lpsw
Posts: 167
Joined: Thu Jun 25, 2015 4:45 pm
Location: USA

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 5:59 pm

Self-education is, I firmly believe, the only kind of education there is - Isaac Asimov

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 7:53 pm

Thank you! How do I add a hmi and what ports does conpot use?
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
bobstro
Posts: 193
Joined: Wed Feb 05, 2014 6:48 am
Location: Central Massachusetts, US
Contact: Website

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 9:27 pm

Why do you want to add HMI?

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 9:37 pm

because it would make it easier to interact with. It would also make it (at least in my mind) more realistic. My pi is currently running conpot as a Kamstrup 382 power meter.
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
lpsw
Posts: 167
Joined: Thu Jun 25, 2015 4:45 pm
Location: USA

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 11:39 pm

Don't let scope creep ruin your dreams.
Self-education is, I firmly believe, the only kind of education there is - Isaac Asimov

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Tue Jul 14, 2015 11:42 pm

My goals for this project are
1. Find a ICS/SCADA honeypot √
2. Get that Honeypot working √
3. Add a HMI
4. Wait
5. Look over conpot's log files learn from the results
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
bobstro
Posts: 193
Joined: Wed Feb 05, 2014 6:48 am
Location: Central Massachusetts, US
Contact: Website

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Wed Jul 15, 2015 1:56 am

lpsw wrote:Don't let scope creep ruin your dreams.
Or reality for that matter, I guess...

Most HMI I see are ancient PCs running dangerously outdated versions of Windows. Nothing magical about them, other than that really expensive software that never gets patched.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Wed Jul 15, 2015 2:03 am

So the HMI is out of the question? O well this is still a very fun and interesting project for me! :D
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

User avatar
bobstro
Posts: 193
Joined: Wed Feb 05, 2014 6:48 am
Location: Central Massachusetts, US
Contact: Website

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Wed Jul 15, 2015 2:11 am

HMI by itself wouldn't add much to it. You're a very long way from emulating a complete system.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Wed Jul 15, 2015 2:18 am

I currently am only emulating a smart meter but I would love to use conpot to emulate something larger and more complex.
A computer's power can't be just measured Gigahertz. It is the same thing with us humans.

lionzhang
Posts: 1
Joined: Sat Aug 22, 2015 5:24 am

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Sat Aug 22, 2015 5:29 am

Setup Conpot Without ERROR

Code: Select all

sudo apt-get install git cython python-dev python-pip build-essential libxml2-dev libxslt1-dev libevent-dev snmp-mibs-downloader libmysqlclient-dev

cd /opt
sudo git clone http://github.com/glastopf/modbus-tk.git
cd modbus-tk/
sudo python setup.py install

sudo pip install conpot
http://wiki.dlutee.com/wiki/wiki.php?id ... 9%E8%A3%85

JRhodes
Posts: 1
Joined: Wed Nov 11, 2015 2:13 am

Re: Running a ICS/SCADA Honeypot on a Raspberry Pi

Wed Nov 11, 2015 3:30 pm

Hey, RPISwag, did you ever fix the add_slave error? Trying to set up my instance and running into a few problems.

Return to “General discussion”