Conpot (installation – Evaluation)

Conpot is an ICS honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems. Let's first install Conpot, then I will explain the tool:

1- Install Docker

If you are running Ubuntu 17.10, this is a good document for installation; otherwise follow the Conpot installation instructions.

2- Run docker pull honeynet/conpot
Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
Finally run conpot -f --template default

Navigate to http://MY_IP_ADDRESS to confirm the setup.

The result with the default template should look like this:

[Screenshot: conpot]

Conpot

Conpot ships with a default profile (default.xml) which provides basic emulation of a Siemens S7-200 CPU with a few expansion modules installed. The attack surface of the default emulation includes the protocols MODBUS, HTTP, SNMP and s7comm.
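
Opening http://MY_IP_ADDRESS in a browser only confirms the HTTP listener. The script below is an added example, not part of the original post or of the Conpot project: it checks the TCP ports published by the docker run command and sends one Modbus/TCP read request to port 502 of your own honeypot. The unit id 1 and register address 0 are assumed values and may need adjusting to the template in use.

```python
import socket
import struct

# Ports published by the docker run command above, with the protocols the
# default template emulates (SNMP on 161/udp is not probed here).
TCP_SERVICES = {80: "HTTP", 102: "s7comm", 502: "MODBUS"}


def build_modbus_request(tid, unit=1, start=0, count=1):
    """Modbus/TCP 'Read Holding Registers' (function 0x03) frame.
    unit/start/count defaults are assumptions, not values from the page."""
    pdu = struct.pack(">BHH", 0x03, start, count)
    # MBAP header: transaction id, protocol id 0, length of unit id + PDU
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_modbus_response(frame, tid):
    """Return ('ok', registers) or ('exception', code); raise on a bad frame."""
    if len(frame) < 9:
        raise ValueError("short frame")
    rtid, proto, length, _unit, func = struct.unpack(">HHHBB", frame[:8])
    if rtid != tid or proto != 0 or length != len(frame) - 6:
        raise ValueError("MBAP header mismatch")
    if func & 0x80:  # an exception response still proves a Modbus listener
        return "exception", frame[8]
    nbytes = frame[8]
    if nbytes % 2 or len(frame) != 9 + nbytes:
        raise ValueError("bad byte count")
    return "ok", list(struct.unpack(">%dH" % (nbytes // 2), frame[9:]))


def check_honeypot(host, timeout=3.0):
    """Map each TCP service name to True/False; MODBUS must answer a request."""
    results = {}
    for port, name in TCP_SERVICES.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                if name == "MODBUS":
                    s.sendall(build_modbus_request(tid=1))
                    parse_modbus_response(s.recv(260), tid=1)
                results[name] = True
        except (OSError, ValueError):
            results[name] = False
    return results


if __name__ == "__main__":
    import sys
    print(check_honeypot(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it with the honeypot's address as the only argument; a False entry means the port is not reachable or, for MODBUS, that no well-formed reply came back.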