Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hpfriends integration #9

Open
honeymap opened this issue Aug 15, 2013 · 24 comments
Open

hpfriends integration #9

honeymap opened this issue Aug 15, 2013 · 24 comments

Comments

@honeymap
Copy link

I have been looking on the honeymap/hpfriends/heipei github for directions on how to install a very basic setup of honeymap.

but when running server/server, I get the following error:

2013/08/15 14:56:19 Binding Honeymap webserver to 0.0.0.0:3000...
2013/08/15 14:56:19 Connecting to hpfeeds.honeycloud.net:20000...
2013/08/15 14:56:19 Connected to Hpfeeds server.
2013/08/15 14:56:19 Received error from server: Authkey not allowed to subscribe here.

any suggestions? Also, is there a way to run my own hpfeeds server? Is it just a matter of deploying a hpfeeds instance?

Project looks cool, but wish there was more documentation.

@honeymap
Copy link
Author

a little more info - in the hpfriends web portal, the error log states:

Message: Authkey not allowed to subscribe here.
Channel: geoloc.events

@heipei
Copy link
Collaborator

heipei commented Aug 16, 2013

Yeah, looks like you didn't configure the authkey in your setup to be able to subscribe to geoloc.events. Have a look here on how to do that: http://heipei.github.io/2013/05/11/Using-hpfriends-the-social-data-sharing-platform/#authkeys

@honeymap
Copy link
Author

Thanks.

so subscribe to geoloc.events. that seem to fix that error. now to figure out why the map is not displaying...

@fw42
Copy link
Owner

fw42 commented Aug 17, 2013

Our main honeypot is down at the moment, so the number of hits on the honeymap is pretty low at the moment.

@honeymap
Copy link
Author

Thanks for the update fw42!

I'd like to run this in a sandboxed environment with zero internet access -- (testing functionality)

To do so, I was planning on running my own honeymap server, and dionaea server. It looks like I would also need to emulate the hpfriends services -- is this something I can do with the hpfeeds distribution on github? Super complex, or you think it would be fairly straight forward?

@katkad
Copy link
Contributor

katkad commented Aug 26, 2013

hi,

should be map working at the moment ? (i mean local instances, not http://map.honeynet.org/)

i am running local instance, and no data shows
wireshark shows just (what i suppose is) initial connection to
hpfriends.honeycloud.net and then i don't see any communication

i tried this last week, also no data on honeymap, but hpfriends.honeycloud.net
was transmitting data like:
bytes_received: 211120126
bytes_sent: 9262638
published: 521662
received: 27956

any way to debug this ? i do not see any logs

@fw42
Copy link
Owner

fw42 commented Aug 26, 2013

Hi,

if your setup is correct, you should see the same data as our honemap (http://map.honeycloud.net/), which is not a lot at the moment, since our honeypot is down due to hardware issues. But you should see a few events a minute at least I guess. If you want more, please consider contributing and hosting your own honeypot (and submitting your events to hpfriends).

Flo

@honeymap
Copy link
Author

Flo,

Is there a way to running your own copy of hpfriends (is this compiling hpfeeds off of git?), or is this currently not recommended? I'd like to run in a sandbox (no internet connection to use as a internal test tool)

@fw42
Copy link
Owner

fw42 commented Aug 26, 2013

hpfriends is not open-sourced yet, sorry. Don't know how hard it would be to run hpfeeds on your own. @rep would know.

@katkad
Copy link
Contributor

katkad commented Aug 26, 2013

now i get it
i have to publish geoloc.events via https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py and data shows

i see just data from our honeypots, probably because noone is sharing their data with me
(i am using my ident and secret, maybe there is global one for this, which i don't know)

can you mention it in README so other people would avoid no data in their honeymaps ?

@RKStevens
Copy link

Iam trying to get a local instance running as well. I am connected to the backend on both dionaea and the honeymap. Where does geoloc.py come into play.

@katkad
Copy link
Contributor

katkad commented Mar 7, 2014

hello

1, download https://github.com/rep/hpfeeds/tree/master/examples/geoloc along with https://github.com/rep/hpfeeds/tree/master/lib into one directory
2, edit https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py with your credentials
3, run https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py along with honeymap server

geoloc publishes geoloc events, which are displayed on the map

@RKStevens
Copy link

Thanks kat! After a few issues with importing GeoIP, I finally got geoloc.py running with my credentials but still no data on the map?

@katkad
Copy link
Contributor

katkad commented Mar 12, 2014

it seems there is problem with broker. I can not authenticate. there are no events on http://map.honeynet.org/ too. I already contacted the right people.

@r3k2
Copy link

r3k2 commented Feb 18, 2016

is this still broken? I just try the link and no data..

@katkad
Copy link
Contributor

katkad commented Feb 18, 2016

Hi, I guess it is down currently. I asked on ML, but no answer so far. Last event I received is from 2016-02-16 08:33:40.969085 CET +0000 .

@r3k2
Copy link

r3k2 commented Feb 19, 2016

is there a way to get the main data to show on my honeymap instead of just my data? I think this is a threat related to that but not 100% sure.. if indeed is.. is there a howto somewhere? thanks! i'm using MHN server.

@fw42
Copy link
Owner

fw42 commented Feb 19, 2016

As far as I know, the broker is not down, it's just that nobody is sharing any honeypot data anymore via hpfeeds. One of the biggest honeypots (RWTH Aachen University) was shut down.

@r3k2
Copy link

r3k2 commented Feb 19, 2016

hmm I could share my data. I dont mind is not private, my personal honey pots are just for my own research.

@katkad
Copy link
Contributor

katkad commented Mar 2, 2016

@chrisfernandez hi, you can sign up here (with your github account for example) http://hpfriends.honeycloud.net/#/home create keys, and share the data

But data distribution does not work. That's why I guess the broker is down.
When data distribution will be OK, you should see something here https://honeymap.cz/ .
I had no time to setup our own solution, so data on it is distributed through The Honeynet Project broker.

@r3k2
Copy link

r3k2 commented Mar 2, 2016

Hello Katarine.. I don't see any link on that site to be able to register...

El mié., 2 mar. 2016 a las 1:46, Katarina Durechova (<
[email protected]>) escribió:

@chrisfernandez https://github.com/ChrisFernandez hi, you can sign up
here (with your github account for example)
http://hpfriends.honeycloud.net/#/home create keys, and share the data

But data distribution does not work. That's why I guess the broker is down.
When data distribution will be OK, you should see something here
https://honeymap.cz/ .
I had no time to setup our own solution, so data on it is distributed
through The Honeynet Project broker.


Reply to this email directly or view it on GitHub
#9 (comment).

http://hispagatos.org
http://binaryfreedom.info
Free Software Foundation
The Linux Foundation
Electronic Frontier Foundation
DefCon 617 user group
I2p Network
LibrePlanet
rek2wilds, BBK
https://twitter.com/B1naryFreed0m
https://www.linkedin.com/in/chfernandez

@katkad
Copy link
Contributor

katkad commented Mar 2, 2016

Oh, really. There is no sign-in button now. I didn't notice before.

@fw42
Copy link
Owner

fw42 commented Mar 2, 2016

@rep might be able to answer those questions

@r3k2
Copy link

r3k2 commented Mar 7, 2016

Thanks @katkad @fw42 hopefully @rep responds, I'm very interested, I have no idea of coffeescript, nor JS, so going to pay someone to update the honeymap on my fork, also notice that one lib that honemap depends on is a golang(that I do know) lib that is checking the google code site, I fork that project and did the right changes and have pointed my own honeymap fork to use my lib fork. so now I have it working locally to be able to work on it (I currently have an production one but is from the MHN project so they already fixed that). https://pot.hispagatos.org:8443/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants