thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License

Feature request: Addition of an SMTP honeypot stack #235

Closed SecuriLee closed 1 year ago

SecuriLee commented 1 year ago

I believe it would be extremely interesting to add SMTP on TCP/25 to this project. The expectation is that certain objects could be collected via this method, namely emails (phishing) and binaries (malware). It would be great to be able to save the objects into different folders and (in my case) add to a folder-watching process that uploads the malware to VirusTotal via API.

Ideally the config would also allow for the retention of a volume (size or number of objects) so that my OC does not fill (but I could also do this from the command line).

Background: I have an OC sitting open on the Internet and this feature would be excellent for the research usage I'm putting it to.
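As an added illustration of the object-capture side of this request (not code from OpenCanary or from anyone in this thread): the routine below takes the raw bytes a honeypot would receive during the SMTP DATA phase, stores the message and each attachment into separate folders named by SHA-256, and applies the count-based retention the request asks for. The message and the "binary" are constructed samples; `store_capture` and `prune_oldest` are hypothetical names.

```python
import base64
import email
import hashlib
from email import policy
from pathlib import Path

# Constructed stand-in for an attachment a sender might deliver (not a real capture).
FAKE_BINARY = b"not a real program, constructed sample\n"

# Constructed sample of the bytes a honeypot would receive during SMTP DATA.
SAMPLE_MESSAGE = (
    b"From: sender@example.invalid\r\n"
    b"To: victim@example.invalid\r\n"
    b"Subject: invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease see attached.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="invoice.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="invoice.exe"\r\n\r\n'
    + base64.b64encode(FAKE_BINARY) + b"\r\n--b1--\r\n"
)


def store_capture(raw: bytes, base: Path, keep: int = 100) -> dict:
    """Write the raw message to base/emails and each attachment to base/binaries
    (named by SHA-256 so repeats collapse), then keep only the newest `keep` files."""
    emails_dir, bins_dir = base / "emails", base / "binaries"
    emails_dir.mkdir(parents=True, exist_ok=True)
    bins_dir.mkdir(parents=True, exist_ok=True)
    msg_digest = hashlib.sha256(raw).hexdigest()
    (emails_dir / f"{msg_digest}.eml").write_bytes(raw)
    msg = email.message_from_bytes(raw, policy=policy.default)  # EmailMessage API
    saved = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        digest = hashlib.sha256(payload).hexdigest()
        (bins_dir / digest).write_bytes(payload)
        saved.append({"filename": part.get_filename(), "sha256": digest, "size": len(payload)})
    for folder in (emails_dir, bins_dir):
        prune_oldest(folder, keep)
    return {"message_sha256": msg_digest, "attachments": saved}


def prune_oldest(folder: Path, keep: int) -> None:
    """Retention by object count: delete the oldest files once more than `keep` exist."""
    files = sorted(folder.iterdir(), key=lambda p: p.stat().st_mtime)
    for old in files[: max(0, len(files) - keep)]:
        old.unlink()
```

A folder watcher that submits new files from `binaries/` to an external scanner can then key on the SHA-256 filename, which also avoids re-uploading duplicates.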

tonoitp commented 1 year ago

I agree! Or even better, a way to configure some services yourself. I wanted to make a few honeypots that look natural, so for one to look like a mail server I'd like to open 25, 465, 993; a print server with 80, 443, 9100; but also a TACACS/RADIUS server.

And there are even more custom ports one would like to monitor.

jayjb commented 1 year ago

Hey @SecuriLee,

It's a good thought (thanks for raising it). To be honest, initially I thought we did have it 🙈 😆 I've raised it internally and we are going to add it to the list of services to add. Thanks so much for raising it, folks.

Of course, if you want to add to this opensource project, I'd be happy to work with you on building this service and adding it.

tonoitp commented 1 year ago

Hi Jay,

"I'd be happy to work with you on building this service and adding it." Well.... Though I'm not a programmer by profession, I do have some knowledge of programming. I surely won't mind helping out.

//Tonny

On 24/03/2023 19:05, Jay wrote:

SecuriLee commented 1 year ago

Hi Jay, sorry, but I am a CISO and a former mail system guy, and my last experience of coding was supporting an SMTP gateway being developed for Notes 2.1a on OS/2. I could help verify the functionality according to the SMTP protocol, but not with coding.

Tonny has some interesting input, especially regarding TLS. Since TLS is the norm, bringing some ACME into play and working with Certbot and other ACME tooling would be useful to "appear" more modern.

I have two OpenCanaries facing the Internet and feeding Splunk with most ports and protocols open. It's brilliantly informative and a great indicator of how dirty the Internet is.