search

mushorg / conpot

ICS/SCADA honeypot
GNU General Public License v2.0
1.21k stars 410 forks source link

Description of default template no longer accurate #537

Open srenfo opened 3 years ago

srenfo commented 3 years ago

The current help text of the default template is outdated and wrong:

--------------------------------------------------
 Available templates:
--------------------------------------------------
[...]
   --template default
       Unit:        Siemens - S7-200
       Desc:        Rough simulation of a basic Siemens S7-200 CPU with 2 slaves
       Protocols:   HTTP, MODBUS, s7comm, SNMP
       Created by:  the conpot team
[...]

For reference:

$ tree -d
.
├── bacnet
├── enip
├── ftp
├── http
│   ├── htdocs
│   │   └── tests
│   └── statuscodes
├── ipmi
├── modbus
├── s7comm
├── snmp
├── ssl
└── tftp

(ssl is not a protocol)

This does not strike me as an S7-200 any more. IMO we could/should

I don't know how important say the S7-200 template is. Maybe open separate issues for each?

glaslos commented 3 years ago

Haha, I was about to create a new ticket for the template description :joy: how about renaming default to sample? IIRC that was the intention, to show a basic configuration for all the protocols available.

srenfo commented 3 years ago

Sure. Changing the Desc: text to match should be non-controversial then if that was the original intention anyway. :smiley_cat:

Is there any value in restoring an S7-200 template? I don't know how close to reality that template was to begin with or how much demand there might be.

southwestflavorz commented 1 year ago

Is there a repo of common templates folks are using? I'm a student who's testing honeypot interactions for analysis, and I would love to include additional ICS devices beyond the S7-200 that serves as the "default"