shafr / esp-canary

Simple ESP8266 / ESP32 Canary that simulates a predefined application server and notifies you using e-mail, Telegram, etc. if it was accessed.
MIT License

MQTT changes, scanner reaction status, HA typo #7

Closed Dezorian closed 3 years ago

Dezorian commented 3 years ago

Further changed honeypot into canary. Also changed the MQTT reference to leave out the first slash as this is more common imo. Added some more scanner reaction tests. Fixed HA typo.

shafr commented 3 years ago

Thanks for the update! I don't like the way I implemented notifications, with double-sending of messages which can mess up Telegram, but that's another story. Did Ping work for you?

Dezorian commented 3 years ago

You're welcome! I haven't checked Telegram because I use MQTT to send it to Home Assistant server and can send notifications from there with all the message routing and decision functionality I like to add. Ping works great in HA! But I guess you mean if a ping is detected? I haven't checked that functionality.

Dezorian commented 3 years ago

OK, I've checked the ping functionality, but that is all over the place. My router and Home Assistant are detected as scanners, so this is too sensitive. It actually picks up its own pings...

saikek commented 3 years ago

Hm, is your router somehow different from your gateway? Other than those 2 devices, are there any other false positives? Probably I'll have to do a comma-separated list of IP addresses that are "safe" but later would have to update

Dezorian commented 3 years ago

Ruling out a CSV with IP addresses would work best, I think. My router is the same as my gateway, but it is in a mesh WiFi network, so my access points were also detected as scanners. Looks like they ping devices to see if they are online or not. And the Home Assistant integration is also pinging 😄

shafr commented 3 years ago

OK, I have the same situation - most likely it is related to the MQTT connection. Other than home-assistant, I'm not getting any other false positives.

This change should do the trick:

    #if MQTT_ENABLED
    // Ignore packets from the MQTT broker so it is not flagged as a scanner
    if (attackerIP.equals(MQTT_HOST))
    {
        return;
    }
    #endif

shafr commented 3 years ago

Probably for the moment you can add a custom line of code for each router - I'll think about a universal solution. Inside ping.cpp:findIpInsideArpRequest()
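
A sketch of the comma-separated "safe" IP list discussed in this thread, as an added example that is not part of the PR or of esp-canary's own code. `SAFE_IPS`, `parseIPv4`, `parseSafeList` and `shouldReport` are hypothetical names, the addresses are constructed, and standard C++ strings stand in for the Arduino `String` type so the block compiles off-device.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical setting (constructed addresses): router, mesh AP, Home Assistant.
const std::string SAFE_IPS = "192.168.1.1, 192.168.1.2 ,192.168.1.10,not-an-ip";

// Strict dotted-quad parser; malformed input returns false and never matches.
bool parseIPv4(const std::string &s, uint32_t &out) {
    uint32_t value = 0;
    int octets = 0;
    for (size_t i = 0; i < s.size(); ++i) {
        uint32_t octet = 0;
        int digits = 0;
        for (; i < s.size() && s[i] >= '0' && s[i] <= '9'; ++i, ++digits)
            octet = octet * 10 + (s[i] - '0');
        if (digits == 0 || digits > 3 || octet > 255) return false;
        value = (value << 8) | octet;
        if (++octets > 4) return false;
        if (i < s.size() && (s[i] != '.' || i + 1 == s.size())) return false;
    }
    if (octets != 4) return false;
    out = value;
    return true;
}

// Split on commas, trim blanks, keep only entries that parse as IPv4.
std::vector<uint32_t> parseSafeList(const std::string &csv) {
    std::vector<uint32_t> safe;
    for (size_t start = 0, end; start <= csv.size(); start = end + 1) {
        end = csv.find(',', start);
        if (end == std::string::npos) end = csv.size();
        std::string tok = csv.substr(start, end - start);
        size_t a = tok.find_first_not_of(" \t"), b = tok.find_last_not_of(" \t");
        uint32_t ip;
        if (a != std::string::npos && parseIPv4(tok.substr(a, b - a + 1), ip))
            safe.push_back(ip);
    }
    return safe;
}

// True when a ping from sourceIp should raise an alert; unparseable sources do.
bool shouldReport(const std::string &sourceIp, const std::vector<uint32_t> &safe) {
    uint32_t ip;
    if (!parseIPv4(sourceIp, ip)) return true;
    for (uint32_t s : safe) if (s == ip) return false;
    return true;
}

int main() { return shouldReport("192.168.1.50", parseSafeList(SAFE_IPS)) ? 0 : 1; }
```

Addresses are compared as 32-bit values, so `192.168.1.100` does not match the listed `192.168.1.10` the way a string prefix check would. Every address on the list is a blind spot for the canary, so it should hold only the devices known to ping it.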