Can't close connection after honeypot closed the connection
0Nightsedge0 opened this issue · 0 comments
0Nightsedge0 commented
Hi all,
I am confused about the lost connection. The max ssh login attempts of my honeypot is 3 times only. After 3 tries, the honeypot will disconnect to the honssh. However, the honssh did not close the session to the attacker after the disconnection. Here is a part of the log.
2018-03-30T12:57:56+0800 [HonsshClientTransport,client] REVERSE
2018-03-30T12:57:56+0800 [HonsshClientTransport,client] NEW KEYS
2018-03-30T12:57:56+0800 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2018-03-30T12:57:57+0800 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS
2018-03-30T12:57:57+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:57:59+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:57:59+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:58:00+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:58:01+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:58:02+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:58:03+0800 [HonsshClientTransport,client] connection lost
2018-03-30T12:58:03+0800 [HonsshClientTransport,client] [CLIENT] - Lost connection with the Honeypot: my_honeypot (192.168.100.154:22)
2018-03-30T12:58:03+0800 [honssh.client.HonsshClientFactory#info] Stopping factory <honssh.client.HonsshClientFactory instance at 0x7f7cc9e187e8>
Attacker side:
root@attacker's password:
Permission denied, please try again.
root@attacker's password:
Permission denied, please try again.
root@attacker's password:
█ <<< hangs in here
Network view in close connection:
honeypot <- fin+ack -> honssh
honssh <- not talk about it -> attacker (so,session hang)
And I tried to deal with the HonsshClientTransport
class in client.py
.
added function in line 22:
def sendDiscounect(self, code, reason):
transport.SSHClientTransport.sendDisconnect(self, code, reason)
In connectionLost
function, appended self.sendDiscounect(10, 'lost connection to honeypot')
if self.factory.server.wasConnected:
self.sendDiscounect(10, 'lost connection to honeypot')
log.msg(log.LBLUE, '[CLIENT]', ...)
But it does not work as before...
Would anyone give me some direction?
Please excuse my bad English. Thank you very much.
Here is my full log and config:
Log: log.txt
config: honssh.cfg.txt