-
-
Notifications
You must be signed in to change notification settings - Fork 417
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conpot stops functioning after nmap scans #564
Comments
Interesting - a quick question. what happens if you scan the Conpot from anything else than 127.0.0..1 (localhost) |
Same exact behavior.
…On Tue, Jan 4, 2022, 10:59 Vingaard ***@***.***> wrote:
Interesting - a quick question. what happens if you scan the Conpot from
anything else than 127.0.0..1 (localhost)
like nmap scan:
nmap -sV -v {inset conpot_ip}
—
Reply to this email directly, view it on GitHub
<#564 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACXQXIGDMOPMELFVU2S4AILUULAI3ANCNFSM5LGB75IA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Anybody confirming the same behavior or found an alternative way to solve it? |
I've just checked out the latest code from GitHub, run |
Strange, I tried both the docker-compose and through the virtualenv, on fresh new Debian and Arch systems and I got the explained issue. I found many places in the code where the issue makes sense, the lack of sockets closing and error handling during loops. Gonna make a PR when finished. Now it seems to deterministically work |
Maybe this is unrelated to the issues title, however I have been noticing conpot Example Example Conpot behavior changes afterwards. While connections still can be made there is no logging and no functionality. This is based on git commit 1c2382e. Still have to test latest master. Update: I can confirm to reproduce this behavior with |
In my latest local version all the protocols in the default template works correctly after multiple |
@bestrocker221 Interesting, |
Behavior is the same with Py 3.7/3.8/3.9 with Alpine and Ubuntu as Docker images. Dirty, but works fine if
Keeping 🤞 for a solution, though 😄 |
@t3chn0m4g3 Hi, the solution might work but is just a workaround that does not actually fix the code behind it. I left conpot with default template running for a week and it eventually stopped functioning, now I checked and it was using 100% CPU, but since it is one single process I can't distinguish without a debugger what is going on.. need more testing. Restarting the process as you say can work, but is indeed "dirty". |
Conpot does not work anymore after nmap scanning. Both through the container and not.
The process keeps running, but the ports do not react anymore and the logging is stopped.
This unfortunately makes the honeypot pretty much useless since it cannot withstand a basic nmap scan.
To Reproduce
docker-compose up
nmap -sV -v 127.0.0.1
Expected behavior
Conpot keeps running, with the logs saved of each connection attempt.
Any help?
Thank you!
The text was updated successfully, but these errors were encountered: