[honeytrap-devel] Handling of SSH connections
From: Marcin N. <mar...@fu...> - 2011-11-10 14:39:17
Dear Honeytrap users / developers,

during my use of Honeytrap I encountered the following situation:

Preconditions:
[*] running instance of Honeytrap using nfq,
[*] iptables ruleset which forwards all packets to the queue
[*] portconf_default set to "normal" (no exceptions)

Observation:
I am still able to SSH to the host which runs honeytrap! Why? Honeytrap logs this event but it seems that it does not answer it, as default reaction would be sending '\n'. I can simply log in on my host, edit files etc... Stopping Honeytrap and _not_ deleting the iptables ruleset ends up with timeouts... Therefore I guess Honeytrap performs some kind of packet-forwarding?

Sincerely,
Marcin.