Walter.Net.HoneyPot
2021.11.10.852
Prefix Reserved
See the version list below for details.
dotnet add package Walter.Net.HoneyPot --version 2021.11.10.852
NuGet\Install-Package Walter.Net.HoneyPot -Version 2021.11.10.852
<PackageReference Include="Walter.Net.HoneyPot" Version="2021.11.10.852" />
paket add Walter.Net.HoneyPot --version 2021.11.10.852
#r "nuget: Walter.Net.HoneyPot, 2021.11.10.852"
// Install Walter.Net.HoneyPot as a Cake Addin #addin nuget:?package=Walter.Net.HoneyPot&version=2021.11.10.852 // Install Walter.Net.HoneyPot as a Cake Tool #tool nuget:?package=Walter.Net.HoneyPot&version=2021.11.10.852
About the Honey-Pot detector
The honey pot detector allows to detect and interact with applications that are attempting to communicate with your server via a particular port. Understanding who is maliciously trying to exploit the system helps identify bad actors and will allow you to tune the system alerting an attempt by a system classified as being a bad actor and will allow the framework to block any requests and or return a payload.
Integrating the honey-pot detector in your application
Integrating the honey-pot listener takes 3 steps.
step 1:
Foreword ports in your edge switch to ports monitored by the honey-pot configuration. A recommendation is to map the ports to a free port not used by the server. An example map port 22 to port 60022 and configure the honey-port to watch any communication on port 4000
step 2
Configure the firewall to allow communication on port 4000.
step 3
Configure the application to subscribe to the port detections. To do this in the firewall you should use a configuration similar to this:
services.AddFireWall()
.UsePortScannerProtection(connectionString: DatabaseConnections.FireWallState, options =>
{
/* map the service ports to a local port on your computer
* Redirect the requests to your computer and open the firewall
* for the redirected ports */
options.SSH = 4000; // map port 22 to port 4000 on your router
options.TSQL = 4001; // map port 1433 to port 4001 on your router
options.Telnet = 4002; // map port 23 to port 4002 on your router
options.MYSQL = 4005; // map port 3306 to port 4005 on your router
options.DNS = 4006; // map port 53 to port 4005 on your router
options.Telnet 4007; //map port 23 to port 4007 on your router;
/*you can manually map port aliases in the range from 0 till 65535*/
options.AddOrUpdate(externalPort: 587, internalPort: 4007, name: "ESMTP Extended Simple Mail Transfer Protocol");
options.AddOrUpdate(externalPort: 647, internalPort: 4008, name: "DHCP Fail-over");
/*Record up-to 8,000 character when someone is trying to attack the service for legal reporting*/
options.MaximumDataSizeToAccept = 254;
/*Look between every 100ms and 30000ms if someone is trying to gain access to the system */
options.PoolFrequency = 100;
/* Add a default reply to any connection, you can send an auto-reply
* You can use the template values:
* {IP} - the attackers IP address
* {Port}- the port being attacked
* {Name}- the name of the alias being used
* {ISP} - the name of the Internet service provider that the attacker is using will be injected
* {Country} - the country name will be injected
* to personalize the message or leave it blank to record silently*/
options.DefaultReply = "This service is being monitored and we have detected your intentions attack {Name}" +
" via {IP}:{Port} to gain unlawful access to the system, please note that any unlawful" +
" activity will be reported to {ISP} as well as the relevant authorities in {Country}";
})
The above code assumes that you are using the FireWall from NuGet package Walter.Web.FireWall. If you are using any of the services that you are monitoring then map the default ports to custom ports on your router there are 2 steps for this:
- Map the custom port on the router, an example map 222 to port 22
- Use port 222 to connect using SSH
Please note that a lot of attackers are looking for victims using port scanners to target venerable IP addresses before attacking a system. You can have a look here and see how these attacks are being executed.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 is compatible. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.0 was computed. netcoreapp3.1 is compatible. |
.NET Standard | netstandard2.1 is compatible. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETCoreApp 3.1
- Microsoft.Extensions.Configuration.Binder (>= 6.0.0)
- System.IO.Pipelines (>= 6.0.0)
- Walter.Net.LookWhosTalking (>= 2021.11.10.852)
- Walter.Net.Networking (>= 2021.11.10.852)
-
.NETStandard 2.1
- Microsoft.Extensions.Configuration.Binder (>= 6.0.0)
- System.IO.Pipelines (>= 6.0.0)
- Walter.Net.LookWhosTalking (>= 2021.11.10.852)
- Walter.Net.Networking (>= 2021.11.10.852)
-
net5.0
- Microsoft.Extensions.Configuration.Binder (>= 6.0.0)
- System.IO.Pipelines (>= 6.0.0)
- Walter.Net.LookWhosTalking (>= 2021.11.10.852)
- Walter.Net.Networking (>= 2021.11.10.852)
-
net6.0
- Microsoft.Extensions.Configuration.Binder (>= 6.0.0)
- System.IO.Pipelines (>= 6.0.0)
- Walter.Net.LookWhosTalking (>= 2021.11.10.852)
- Walter.Net.Networking (>= 2021.11.10.852)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Walter.Net.HoneyPot:
Package | Downloads |
---|---|
Walter.Web.FireWall
Enhance .NET applications with a robust firewall, designed as middleware and IActionFilter, protecting against CVE attacks, web scraping, and phishing. Configurable via annotations and a rule engine services.AddFireWall(FireWallTrial.License, FireWallTrial.DomainKey , domainName: new Uri("https://www.your-domain.com", UriKind.Absolute) , options => { //your options }); Have a look at the GitHub samples at https://github.com/ASP-WAF/FireWall and https://github.com/ASP-WAF/FireWall/wiki to see how to use the firewall in applications. You can view the firewall in action using https://www.asp-waf.com/Firewall You can get started with the firewall using the samples shown in https://www.asp-waf.com/download/ASP-WAF-FireWall-Getting-Started.pdf as well as the on line documentation at https://firewallapi.asp-waf.com/ |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
2024.12.14.838 | 97 | 12/14/2024 |
2024.12.13.1227 | 95 | 12/13/2024 |
2024.12.9.1107 | 81 | 12/13/2024 |
2024.11.28.1632 | 137 | 11/28/2024 |
2024.11.20.644 | 255 | 11/21/2024 |
2024.11.15.421 | 247 | 11/15/2024 |
2024.11.11.1334 | 143 | 11/14/2024 |
2024.11.6.1222 | 211 | 11/6/2024 |
2024.10.28.1605 | 243 | 10/28/2024 |
2024.10.28.1335 | 218 | 10/28/2024 |
2024.10.19.1525 | 210 | 10/20/2024 |
2024.10.18.1315 | 222 | 10/18/2024 |
2024.9.27.1406 | 219 | 9/27/2024 |
2024.9.17.1417 | 259 | 9/17/2024 |
2024.9.12.1923 | 284 | 9/12/2024 |
2024.9.6.1352 | 300 | 9/7/2024 |
2024.9.1.1159 | 287 | 9/1/2024 |
2024.8.26.1150 | 301 | 8/26/2024 |
2024.8.19.1411 | 304 | 8/19/2024 |
2024.8.17.1000 | 305 | 8/17/2024 |
2024.8.12.1622 | 300 | 8/13/2024 |
2024.8.5.1010 | 265 | 8/5/2024 |
2024.8.1.1545 | 325 | 8/16/2024 |
2024.7.28.629 | 155 | 7/28/2024 |
2024.7.26.1512 | 169 | 7/26/2024 |
2024.7.26.828 | 149 | 7/26/2024 |
2024.7.11.1604 | 269 | 7/11/2024 |
2024.7.9.1520 | 260 | 7/9/2024 |
2024.7.4.1425 | 268 | 7/4/2024 |
2024.7.3.1249 | 268 | 7/3/2024 |
2024.7.2.1536 | 300 | 7/2/2024 |
2024.6.28.953 | 288 | 6/28/2024 |
2024.6.6.1320 | 119 | 6/8/2024 |
2024.5.15.1634 | 105 | 5/15/2024 |
2023.11.13.1117 | 1,627 | 11/13/2023 |
2023.10.26.1502 | 1,546 | 10/29/2023 |
2023.10.12.1926 | 1,683 | 10/12/2023 |
2023.9.14.812 | 1,810 | 9/14/2023 |
2023.9.7.1748 | 1,812 | 9/7/2023 |
2023.9.7.1241 | 1,796 | 9/7/2023 |
2023.9.6.1001 | 1,778 | 9/6/2023 |
2023.9.5.1246 | 1,800 | 9/5/2023 |
2023.9.5.1032 | 1,781 | 9/5/2023 |
2023.8.31.1522 | 1,855 | 8/31/2023 |
2023.8.29.1040 | 1,863 | 8/29/2023 |
2023.8.17.901 | 1,922 | 8/17/2023 |
2023.8.9.1314 | 2,020 | 8/9/2023 |
2023.8.2.750 | 2,104 | 8/2/2023 |
2023.7.12.830 | 2,071 | 7/12/2023 |
2023.7.5.1419 | 2,163 | 7/6/2023 |
2023.6.14.1628 | 2,189 | 6/14/2023 |
2023.6.11.1304 | 2,319 | 6/11/2023 |
2023.5.30.1640 | 2,236 | 5/30/2023 |
2023.5.4.1552 | 2,339 | 5/4/2023 |
2023.5.1.1524 | 2,286 | 5/1/2023 |
2023.4.29.910 | 2,493 | 4/29/2023 |
2023.4.12.1236 | 2,511 | 4/12/2023 |
2023.3.22.1456 | 2,625 | 3/22/2023 |
2023.3.14.1356 | 2,753 | 3/14/2023 |
2023.3.1.810 | 2,786 | 3/1/2023 |
2023.2.25.11857 | 2,786 | 2/25/2023 |
2023.2.22.27 | 2,783 | 2/22/2023 |
2023.2.15.1413 | 2,850 | 2/15/2023 |
2023.2.11.1628 | 2,910 | 2/11/2023 |
2023.1.11.534 | 3,039 | 1/11/2023 |
2022.12.30.711 | 3,114 | 12/30/2022 |
2022.12.16.1536 | 974 | 12/16/2022 |
2022.12.15.1241 | 917 | 12/16/2022 |
2022.12.15.1108 | 3,109 | 12/15/2022 |
2022.12.14.648 | 3,201 | 12/14/2022 |
2022.11.27.1059 | 3,214 | 11/27/2022 |
2022.11.21.338 | 3,285 | 11/21/2022 |
2022.11.14.1819 | 3,381 | 11/14/2022 |
2022.11.13.917 | 3,353 | 11/13/2022 |
2022.11.7.1632 | 1,020 | 11/13/2022 |
2022.10.31.740 | 5,989 | 11/1/2022 |
2022.10.15.652 | 6,506 | 10/15/2022 |
2022.10.1.810 | 6,820 | 10/1/2022 |
2022.9.26.1444 | 6,864 | 9/26/2022 |
2022.9.14.1508 | 6,989 | 9/14/2022 |
2022.9.14.809 | 7,071 | 9/14/2022 |
2022.9.8.1009 | 7,183 | 9/8/2022 |
2022.8.20.1007 | 7,079 | 8/20/2022 |
2022.8.1.1 | 7,186 | 7/31/2022 |
2022.7.1300 | 7,417 | 7/1/2022 |
2022.7.31.1016 | 7,283 | 7/31/2022 |
2022.7.15.841 | 7,291 | 7/15/2022 |
2022.6.21.647 | 7,273 | 6/21/2022 |
2022.5.18.638 | 7,293 | 5/19/2022 |
2022.5.16.853 | 7,423 | 5/19/2022 |
2022.5.16.816 | 7,403 | 5/16/2022 |
2022.5.4.1010 | 7,352 | 5/4/2022 |
2022.4.10.947 | 7,860 | 4/10/2022 |
2022.4.10.925 | 7,806 | 4/10/2022 |
2022.4.10.828 | 7,765 | 4/10/2022 |
2022.4.1.1545 | 8,008 | 4/1/2022 |
2022.3.31.823 | 6,854 | 3/31/2022 |
2022.3.26.1103 | 7,997 | 3/26/2022 |
2022.3.26.820 | 7,664 | 3/26/2022 |
2022.3.25.840 | 7,043 | 3/26/2022 |
2022.3.24.1701 | 1,238 | 3/25/2022 |
2022.2.16.1131 | 8,189 | 2/17/2022 |
2022.2.16.834 | 8,015 | 2/17/2022 |
2022.2.15.824 | 2,158 | 2/17/2022 |
2022.2.11.1452 | 2,284 | 2/17/2022 |
2022.2.11.931 | 2,091 | 2/17/2022 |
2022.2.5.1114 | 8,273 | 2/5/2022 |
2022.1.17.1158 | 8,051 | 1/17/2022 |
2022.1.10.1505 | 8,440 | 1/10/2022 |
2022.1.10.537 | 8,430 | 1/10/2022 |
2022.1.5.1139 | 7,861 | 1/8/2022 |
2021.12.28.1452 | 8,907 | 12/28/2021 |
2021.12.16.812 | 8,526 | 12/16/2021 |
2021.11.23.1528 | 14,791 | 11/24/2021 |
2021.11.21.925 | 14,762 | 11/22/2021 |
2021.11.19.1503 | 1,021 | 11/22/2021 |
2021.11.19.847 | 9,657 | 11/19/2021 |
2021.11.18.1824 | 9,060 | 11/16/2021 |
2021.11.10.852 | 9,855 | 11/10/2021 |
2021.11.9.2021 | 9,410 | 11/9/2021 |
2021.11.8.2109 | 7,129 | 11/9/2021 |
2021.11.8.1612 | 7,677 | 11/8/2021 |
2021.11.7.1021 | 7,750 | 11/8/2021 |
2021.11.3.1612 | 8,026 | 11/4/2021 |
2021.11.1.1102 | 6,546 | 11/1/2021 |
2021.10.25.1206 | 8,095 | 10/25/2021 |
2021.10.23.1310 | 7,941 | 10/25/2021 |
2021.10.19.1522 | 7,976 | 10/19/2021 |
2021.10.16.1325 | 7,888 | 10/18/2021 |
2021.10.9.1119 | 246 | 10/9/2024 |
2021.10.6.1546 | 7,910 | 10/6/2021 |
2021.10.5.1450 | 8,092 | 10/5/2021 |
2021.10.4.1155 | 8,098 | 10/5/2021 |
2021.10.4.807 | 1,081 | 10/5/2021 |
2021.10.1.753 | 8,124 | 10/1/2021 |
2021.9.27.1005 | 7,535 | 9/28/2021 |
2021.9.26.1913 | 8,165 | 9/26/2021 |
2021.9.19.1015 | 7,846 | 9/19/2021 |
2021.9.17.1702 | 4,722 | 9/17/2021 |
2021.9.17.1449 | 10,694 | 9/17/2021 |
2021.9.13.1600 | 6,093 | 9/13/2021 |
2021.9.12.1100 | 4,481 | 9/13/2021 |
2021.9.11.2004 | 7,393 | 9/11/2021 |
2021.9.9.1110 | 7,905 | 9/9/2021 |
2021.9.7.1901 | 8,041 | 9/8/2021 |
2021.9.7.1121 | 8,168 | 9/7/2021 |
2021.9.7.927 | 1,059 | 9/7/2021 |
2021.9.6.1518 | 7,593 | 9/7/2021 |
2021.9.4.1124 | 7,967 | 9/4/2021 |
2021.9.2.708 | 7,687 | 9/4/2021 |
2021.9.0.1259 | 7,613 | 9/2/2021 |
2021.8.2200 | 7,103 | 8/23/2021 |
2021.8.2100 | 7,954 | 8/23/2021 |
2021.8.22.900 | 8,133 | 8/22/2021 |
2021.8.18.1500 | 8,066 | 8/18/2021 |
2021.8.18.930 | 7,998 | 8/18/2021 |
2021.8.14.1600 | 8,018 | 8/16/2021 |
2021.8.14.829 | 3,860 | 8/14/2021 |
2021.8.9.1105 | 8,045 | 8/9/2021 |
2021.8.8.1612 | 7,749 | 8/8/2021 |
2021.8.8.1138 | 6,995 | 8/8/2021 |
2021.8.6.1044 | 7,722 | 8/6/2021 |
2021.8.4.1355 | 8,321 | 8/5/2021 |
2021.7.30.2118 | 8,228 | 7/31/2021 |
2021.7.27.926 | 8,184 | 7/28/2021 |
2021.7.23.931 | 8,376 | 7/26/2021 |
2021.7.22.1456 | 7,887 | 7/23/2021 |
2021.7.15.1547 | 8,003 | 7/15/2021 |
2021.7.13.812 | 7,806 | 7/13/2021 |
2021.7.8.1527 | 8,119 | 7/10/2021 |
2021.7.5.1649 | 7,126 | 7/5/2021 |
2021.6.29.1453 | 8,318 | 6/30/2021 |
2021.6.26.1753 | 8,591 | 6/27/2021 |
2021.6.25.1849 | 8,191 | 6/25/2021 |
2021.6.24.1518 | 8,171 | 6/24/2021 |
2021.6.20.729 | 15,598 | 6/20/2021 |
2021.6.14.2025 | 8,360 | 6/15/2021 |
2021.6.13.2035 | 8,644 | 6/14/2021 |
2021.6.12.1154 | 8,014 | 6/13/2021 |
2021.6.9.1120 | 8,391 | 6/9/2021 |
2021.6.7.2103 | 1,091 | 6/7/2021 |
2021.6.3.1509 | 7,989 | 6/3/2021 |
2021.5.31.1533 | 8,242 | 5/31/2021 |
2021.5.31.1415 | 8,219 | 5/31/2021 |
2021.5.25.1732 | 7,186 | 5/25/2021 |
2021.5.24.1128 | 7,929 | 5/24/2021 |
2021.5.24.1019 | 7,810 | 5/24/2021 |
2021.5.12.1054 | 7,810 | 5/12/2021 |
2021.5.12.637 | 6,165 | 5/12/2021 |
2021.5.10.1442 | 7,264 | 5/11/2021 |
2021.5.8.1226 | 7,746 | 5/8/2021 |
Major releases that add functionality other than optimization and minor bug fixing
9 November 2021
- Fix package dependency on vulnerable packages from Microsoft by upgrading vulnerable packages
08 November 2021
- Update to .Net NuGet packages .NET 6.0.0, .NET 5.0.403 and core 3.1.415
3 November 2021
- Trigger a on keyword events when a exploit was detected with a given word in the stream send to the socket
2 November 2021
- update port mapping allowing for binding ports from configuration file skipping non-mapped ports with a value of 0
11 October 2021
- CodeSign the binaries as well as the NuGet package for executing in a trust-platform
1 October 2021
- Add additional blocking reason for firewall rule engine to use when getting a port scan or a port exploit in IHoneyPotPortDetection
- Add support for Hex-Dump reading the received data making the data human readable
- Add abstract of the block reason to IHoneyPotPortDetection
- Update capturing missing intercept locations in the report API
26 September 2021
- Update process handling to store actual response not the response template
- Add Date-time stamp for each triggered contact
19 September 2021
- Update NuGet packages release for .Net 5.0.10
4 September 2021
- Add default port configuration for WAC and Tomcat
8 Aug 2021
- update to .NET 6.0 SDK (v6.0.100-preview.6)
30 June 2021
- Add .Net 6.0 binaries to the nuget package
23 June 2021
- Save native attack stream in IHoneyPotPortDetection as Base64 string allowing for attack-replay
15 June 2021
- Update to .Net Core 3.1.17 and .Net 5.0.8 SDK
19 June 2020
- Record data send to the honey-pot based on text encoding detection text
11 June 2021
- Update store GuardResponse in data tables
- Add trace route to detected incident if the option is set
09 June 2021
- Update to .Net SDK 5.0.301 and 3.1.410
07 June 2021
- Update NuGet Package references
31 May 2021
- Update to more efficiently extract WHOIS data for more possible attackers
12 April 2021
- Update to new code base after .net security violation fix
10 May 2021
- Update Database based storage
05 April 2021
- Update process data processing
- Log requests that do not send data
22 March 2021 - performance update
- Logging update