How to Create a Simple Honeypot with Spring Boot

I am sure that there are plenty of honeypots for logging remote intruders but none yet has been done on Spring Boot. So I decided to write a simple one while exploring Spring Boot:

https://github.com/terry81/blocker

It does the following – listens on a preconfigured port. Define it in the application properties (src/main/resources/application.properties) as blocker.honeypot_port. By default the port is 6666. If you intend to run the honeypot under a non-privileged user, which is recommended, you must choose a port above 1024.

Anyone that connects on the predefined port will be logged to a file name defined by blocker.log_filename in the application properties. By default, it is /tmp/blocker.log. One and the same IP is logged only once.

It’s also possible to whitelist IPs under the property blocker.whitelisted_ips again in the application properties. It’s a good idea to whitelist your own IP so that you don’t get blocked.

To compile it, simply download it and run the usual ‘mvn clean install’. In the target directory you will find the jar blocker-0.1.jar. Run it as usually:

java -jar blocker-0.1.jar &

I’ve added ‘&’ at the end so that the process continues in the background and doesn’t exit when you exit the terminal.

The above is best run under a non-root, dedicated user. Once you have intruders logged in /tmp/blocker.log, you can block them with iptables. For this purpose create a simple Bash file such as:

#!/bin/bash
for i in `cat /tmp/blocker.log`; do iptables -I INPUT -s $i -j DROP; done
> /tmp/blocker.log

The above script will block each IP and after that clear the log file. You have to run it as root and you can set it as a periodic cron job.

Take a look at the code and hopefully you will find something useful. If you have any comments / questions let me know.

Comments

This post currently has one response

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sidebar



%d bloggers like this: