mushorg / conpot

ICS/SCADA honeypot
GNU General Public License v2.0

Conpot should not depend on external service #520

Open srenfo opened 3 years ago

srenfo commented 3 years ago

The SNMP protocol should not use a hardcoded server to fetch MIBs. In fact, downloads at runtime should probably be avoided altogether.

The offending lines are:

https://github.com/mushorg/conpot/blob/ff09e009d10d953aa7dcff2c06b7c890e6ffd4b7/conpot/protocols/snmp/command_responder.py#L62-L64

This has caused issues in the past (#516, possibly #510) when snmplabs.com went down (https://github.com/etingof/pysnmp/issues/376) and will cause issues again if/when Cisco change anything with their FTP server.

Ideally we would bundle the MIB sources with the templates. There are various repositories that they can be sourced from, including net-snmp on GitHub, or even the Cisco server from above. But I do not know what this would involve license-wise or copyright-wise, so I hesitate to create such a PR.

The other option is to install an appropriate package via apt (or pip?). There exists such a package for Fedora in net-snmp-libs (the MIBs are put in /usr/share/snmp/mibs/ and get picked up by PySNMP), but I have failed to find one for Debian.

The cop-out answer is to move the server path to the template or config file, but since we would presumably set a default, this would still lead to complaints once the default stops working.
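One way to make the MIB-source choice explicit and fail fast at start-up, as an added example (not Conpot's code): a resolver that takes only local directories from the template, falls back to the Fedora package path mentioned above, and refuses URL sources unless the operator opts in. The default directory list, the `allow_remote` switch and the injectable `exists` check are assumptions for illustration.

```python
"""Resolve SNMP MIB sources from configuration without touching the network.

Added example, not Conpot's code. Prefers MIB directories bundled with the
template, falls back to a distro package directory (Fedora's net-snmp-libs
installs to /usr/share/snmp/mibs/), and refuses http/https/ftp sources unless
explicitly allowed, so a dead mirror breaks start-up, not the first SNMP request.
"""
from pathlib import Path
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Assumed default search order; a real deployment would set this in the template.
DEFAULT_LOCAL_MIB_DIRS = ("/usr/share/snmp/mibs",)
REMOTE_SCHEMES = {"http", "https", "ftp"}


def is_remote(source: str) -> bool:
    """True for http/https/ftp URLs, False for filesystem paths."""
    return urlsplit(source).scheme.lower() in REMOTE_SCHEMES


def resolve_mib_sources(
    configured: Iterable[str],
    allow_remote: bool = False,
    exists: Callable[[str], bool] = lambda p: Path(p).is_dir(),
) -> List[str]:
    """Return usable MIB sources: configured local dirs, then defaults, then
    remote URLs only if allow_remote is set. `exists` is injectable so the
    logic can be exercised without a real /usr/share/snmp/mibs."""
    local, remote = [], []
    for src in configured:
        (remote if is_remote(src) else local).append(src)
    if remote and not allow_remote:
        raise ValueError(f"refusing runtime MIB downloads from {remote}; "
                         "bundle the MIBs or set allow_remote=True")
    candidates: List[str] = []
    for d in local + list(DEFAULT_LOCAL_MIB_DIRS):
        if d not in candidates:          # keep order, drop duplicates
            candidates.append(d)
    usable = [d for d in candidates if exists(d)]
    if not usable:
        raise FileNotFoundError("no local MIB directory found; install the "
                                "net-snmp MIBs or bundle them with the template")
    return usable + remote
```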

glaslos commented 3 years ago

We could also drop get_ext_ip, I don't recall exactly why we needed this in the first place :thinking:

srenfo commented 3 years ago

> We could also drop get_ext_ip, I don't recall exactly why we needed this in the first place :thinking:

git blame led me to #40 (there's a commit linked in the issue). :sunglasses:

I'm all for removal if it's not needed. In the code it's only used in the LogWorker. It's being added to every emitted event. Maybe someone who currently runs Conpot in production (@t3chn0m4g3?) can chime in as to its usefulness?

We can always do a Scream Test, i.e. remove it and see if anyone screams. (I just now learned that that has a name. :laughing:)

glaslos commented 3 years ago

Yeah, this was from back in the day when we assumed people would set up sensors and contribute to the hpfeeds network :)

glaslos commented 3 years ago

I don't think @t3chn0m4g3 is using MySQL, he usually collects data using hpfeeds or structured logs IIRC

t3chn0m4g3 commented 3 years ago

@glaslos Correct, not using MySQL. WRT get_ext_ip this is probably interesting for folks who run Conpot in a docker container to log the external dest_ip.