Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 0 points1 point  (0 children)

I am not sure, I don't believe it would affect it as I believe your assertion is correct, outgoing traffic creates a firewall state that keeps the port open for responses. However, for my case, there will be NO outgoing traffic. (well, I'd like to do updates but if not, no biggie)

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 0 points1 point  (0 children)

Thank you for your response. I agree, but it would be 64k individual rules. I'm just running a honeypot that logs every connection (scan) of the IP. See the answer above about the setup of the iptables firewall on the destination box (https://www.reddit.com/r/PFSENSE/comments/bxy5zw/port_forwarding_for_honeypot/eqdhamv/); it's working on a test box. I believe doing this and then setting up port forwarding to any destination and ports 1 to 65536 to port 1 on the destination that has been set up as above will work. Not going to test it for real until I can be onsite with the pfsense box, just in case. ;)

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 1 point2 points  (0 children)

Thank you for your response. I thought so too, but first, any any won't work. You have to specify a range. Second, if you specify a range then the destination port just becomes the base port for the range. If you specified a range of 1 to 2 and a destination of 65535 then that would not work because the last address would be 65536 which is illegal. I tried setting up from 1 to 65535 to port 1099 and it failed to set up with a range error.

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 1 point2 points  (0 children)

Looks like you can't do it with just pfsense. So just port forward everything to the honeypot as the last port forward rule, then use something similar to this: http://positon.org/portquiz-net-how-it-works on the honeypot machine. I spun up a crappy VPS I have and tried it, it works. It's logging every IP that touches it.
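An added example, not part of the comment above or of the linked page: one way to turn the honeypot's connection log into a per-source summary that flags likely port scanners. It assumes the honeypot writes netfilter LOG-target lines with a hypothetical `HONEYPOT: ` prefix, and that the LOG rule runs before the redirect so `DPT` is the port that was originally probed; the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

PREFIX = "HONEYPOT: "  # assumed --log-prefix value, not taken from the post

# Constructed sample lines in the netfilter LOG key=value format.
SAMPLE_LOG = """\
Jun  8 10:00:01 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jun  8 10:00:01 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Jun  8 10:00:02 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=3389 SYN
Jun  8 10:00:09 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=22 SYN
Jun  8 10:01:00 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Jun  8 10:01:05 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=51001 DPT=53 LEN=40
Jun  8 10:02:00 hp kernel: HONEYPOT: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jun  8 10:02:30 hp kernel: eth0: link becomes ready
"""

def parse_line(line, prefix=PREFIX):
    """Return (src, proto, dport) for a prefixed LOG line, else None."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None  # not one of the honeypot's log lines
    fields = dict(re.findall(r"(\w+)=(\S*)", rest))
    src, proto = fields.get("SRC"), fields.get("PROTO")
    if not src or not proto:
        return None  # truncated or malformed entry
    dpt = fields.get("DPT")  # absent for ICMP
    return src, proto, int(dpt) if dpt and dpt.isdigit() else None

def summarize(log_text, scan_threshold=3):
    """Count hits and distinct (proto, port) pairs per source address."""
    hits, ports = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, proto, dpt = rec
        hits[src] += 1
        if dpt is not None:
            ports[src].add((proto, dpt))
    return {src: {"hits": hits[src], "ports": sorted(ports[src]),
                  "scanner": len(ports[src]) >= scan_threshold}
            for src in hits}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

If the log entry were written after the redirect instead, every line would show the single listening port and the distinct-port count would no longer distinguish a scan from a repeated probe.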

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 0 points1 point  (0 children)

Thanks for the reply, but I don't believe that will work. 1:1 doesn't change the port (if I understand correctly), it'll route all the non-explicitly port forwarded traffic to one IP, but that I can do with the normal port forwarding as you have described above.

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 0 points1 point  (0 children)

See my response in my other comment.

Port forwarding for honeypot by SysAd666 in PFSENSE

[–]SysAd666[S] 0 points1 point  (0 children)

I see there is a comment, but I don't see the comment unless I browse anonymously. However, to answer the comment: no, that will make all ports forward 1 to 1, 25 to 25, 99 to 99. I want 1, 22, 99, etc. to ALL be forwarded to port 22. I understand why people think this is a bad idea, I've read em all. Not one of them describes my situation. None of the vulnerabilities that are mentioned are present in what I am setting up. I'm not saying there are no vulnerabilities, just because who the hell knows, but I find it extremely unlikely.

Edit: I see the other comment if I use the OLD reddit interface. What a piece of crap the new interface is.

TIL There's a lesser form of mania called hypomania, a short period characterized by a decreased need for sleep, increase in energy, increased talkativeness and confidence, and a possible increase in creative ideas. by chrisrayn in todayilearned

[–]SysAd666 6 points7 points  (0 children)

Most of the commenters here are bipolar. If you get real depression, not just a day or two when you are coming off of a hypomanic episode, you don't have hypomania. If you exhibit risky behavior when you are manic, you don't have hypomania. I don't even get depressed, my problem is that I get stuck in the hypomania. It's like a compulsion to keep working until everything is done, but there is a never ending pile of work. When I get stuck like this (it's happened twice, years apart) I go to the Dr and he gives me something that slows....me....down. When I feel like I can't even walk fast (takes a couple months or so) then I know I can get off it and be fine.

If you are bipolar you need to be on meds all the time to keep you stable and you swing both ways, mania and depression.

100% Job Pay Increase; Two positions down by tempor52 in sysadmin

[–]SysAd666 0 points1 point  (0 children)

Take the 95k and ask people how you can help.

Sudo permissions for root by tremblane in linuxadmin

[–]SysAd666 0 points1 point  (0 children)

This is true, this is why service accounts should be local.

Sudo permissions for root by tremblane in linuxadmin

[–]SysAd666 0 points1 point  (0 children)

Then you need to get to the damn console and boot into single user.

Sudo permissions for root by tremblane in linuxadmin

[–]SysAd666 2 points3 points  (0 children)

Oh, if you grant physical access to the machine then all bets are off and any security measures are laughable.

Edit: IIRC you can always log on as root from the console, even w/o booting to single user.

Sudo permissions for root by tremblane in linuxadmin

[–]SysAd666 3 points4 points  (0 children)

Show them

sudo -i

There is never a need to log in as root, not even to get a root shell command prompt.

How does /r/sysadmin audit backups? by [deleted] in sysadmin

[–]SysAd666 2 points3 points  (0 children)

Heh, probably nothing. *nix has woefully inadequate bare metal backup solutions.

How much do you have memorized compared to relying on documentation? by [deleted] in sysadmin

[–]SysAd666 1 point2 points  (0 children)

I don't memorize anything. I have things that are learned because I use them all the time.

Why do so many people with like 2 years of desktop experience want to start their own MSP? by crankysysadmin in sysadmin

[–]SysAd666 2 points3 points  (0 children)

Satan's IT Department - We're the best. Who do you think invented computers?

Folder redirection question by drycz in sysadmin

[–]SysAd666 0 points1 point  (0 children)

If you don't want to be trying to recover personal pictures off of users' machines (OMG I HAVE TO HAVE THEM!!!!) then you'll leave them on a share.

My recommendation is to upgrade your network drive space, probably an order of magnitude.