Error removing IP address to HonSSH Interface: Error: an inet prefix is expected rather than "11.22.33.45/32"
Closed this issue · 3 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1.
In honssh.cfg, set advanced networking to 'enabled = true'
2.
Connect to the honeypot
3.
Execute 'w'. The IP addres thats shown will be that of the router, not that of
the connecting client.
What is the expected output?
When executing 'w' its expected to see the IP address of the connecting client.
What do you see instead?
The IP address of the internal gateway.
What version of the product are you using?
61a65bf9d5f8
On what operating system?
Ubuntu 12.04 LTS
Please provide any additional information below.
I've noticed this error when attackers have connected and disconnected and was
able to reproduce it with the following steps:
# -- Stopping HonSSH.
#
2014-05-16 19:09:06+0200 [-] Main loop terminated.
2014-05-16 19:09:06+0200 [-] Server Shut Down.
# -- Changing 'enabled = true' to 'enabled = false'
#
2014-05-16 19:09:10+0200 [-] Log opened.
2014-05-16 19:09:10+0200 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2014-05-16 19:09:10+0200 [-] reactor class:
twisted.internet.pollreactor.PollReactor.
2014-05-16 19:09:10+0200 [-] HonsshServerFactory starting on 22
2014-05-16 19:09:10+0200 [-] Starting factory
<honssh.server.HonsshServerFactory instance at 0x2474f80>
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client]
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] Disconnecting with
error, code 10
reason: user closed connection
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] connection lost
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] Stopping factory
<honssh.client.HonsshSlimClientFactory instance at 0x2474f38>
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] disabling
diffie-hellman-group-exchange because we cannot find moduli file
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] Advanced
Networking disabled - Using client_addr
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] Starting factory
<honssh.client.HonsshClientFactory instance at 0x2472b48>
# -- Making a connection to the honeypot
#
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] CONNECTION_MADE
20140516_190927 11.22.33.44 40181
2014-05-16 19:09:27+0200 [Uninitialized] New client connection
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] kex alg, key
alg: diffie-hellman-group1-sha1 ssh-rsa
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] outgoing:
aes128-ctr hmac-md5 none
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] incoming:
aes128-ctr hmac-md5 none
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] kex alg, key alg:
diffie-hellman-group-exchange-sha1 ssh-rsa
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] outgoing: aes256-ctr
hmac-sha1 none
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] incoming: aes256-ctr
hmac-sha1 none
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] NEW KEYS
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] REVERSE
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] NEW KEYS
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] Client Connection
Secured
2014-05-16 19:09:28+0200 [HonsshClientTransport,client] Detected Public Key
authentication - disabling
2014-05-16 19:09:32+0200 [HonsshClientTransport,client] LOGIN_SUCCESSFUL
20140516_190932 11.22.33.44 hostmaster Hosting2014
2014-05-16 19:09:34+0200 [HonsshServerTransport,0,11.22.33.44] Entered command:
w
2014-05-16 19:09:34+0200 [HonsshServerTransport,0,11.22.33.44] COMMAND_ENTERED
20140516_190934 11.22.33.44 w
# -- Output from 'w'
#
$ w
19:09:50 up 4 days, 19:23, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
hostmast pts/0 192.168.192.168 19:09 1.00s 0.23s 0.00s w
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Entered command:
exit
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] COMMAND_ENTERED
20140516_190943 11.22.33.44 exit
2014-05-16 19:09:43+0200 [HonsshClientTransport,client] Disconnect received
from the honeypot: 192.168.192.16854
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Disconnect
received from the attacker: 11.22.33.44
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Disconnecting
with error, code 10
reason: user closed connection
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] connection lost
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Lost connection
with the attacker: 11.22.33.44
2014-05-16 19:09:44+0200 [HonsshServerTransport,0,11.22.33.44] CONNECTION_LOST
20140516_190944 11.22.33.44
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] connection lost
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] Lost connection with
the honeypot: 192.168.192.16854
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] Stopping factory
<honssh.client.HonsshClientFactory instance at 0x2472b48>
# -- Stopping HonSSH.
#
2014-05-16 19:10:41+0200 [-] Received SIGTERM, shutting down.
2014-05-16 19:10:41+0200 [-] (TCP Port 22 Closed)
2014-05-16 19:10:41+0200 [-] Stopping factory
<honssh.server.HonsshServerFactory instance at 0x2474f80>
2014-05-16 19:10:41+0200 [-] Main loop terminated.
2014-05-16 19:10:41+0200 [-] Server Shut Down.
# -- Changing 'enabled = false' to 'enabled = true'
#
2014-05-16 19:10:43+0200 [-] Log opened.
2014-05-16 19:10:43+0200 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2014-05-16 19:10:43+0200 [-] reactor class:
twisted.internet.pollreactor.PollReactor.
2014-05-16 19:10:43+0200 [-] HonsshServerFactory starting on 22
2014-05-16 19:10:43+0200 [-] Starting factory
<honssh.server.HonsshServerFactory instance at 0x14e8f80>
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client]
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] Disconnecting with
error, code 10
reason: user closed connection
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] connection lost
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] Stopping factory
<honssh.client.HonsshSlimClientFactory instance at 0x14e8f38>
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] disabling
diffie-hellman-group-exchange because we cannot find moduli file
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] HonSSH Interface
created
# -- First error
#
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] Error adding IP
address to HonSSH Interface - Using client_addr: Error: an inet prefix is
expected rather than "11.22.33.45/32".
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] Starting factory
<honssh.client.HonsshClientFactory instance at 0x14e6b48>
# -- Making a connection to the honeypot
#
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] CONNECTION_MADE
20140516_191047 11.22.33.44 46251
2014-05-16 19:10:47+0200 [Uninitialized] New client connection
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] kex alg, key
alg: diffie-hellman-group1-sha1 ssh-rsa
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] outgoing:
aes128-ctr hmac-md5 none
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] incoming:
aes128-ctr hmac-md5 none
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] kex alg, key alg:
diffie-hellman-group-exchange-sha1 ssh-rsa
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] outgoing: aes256-ctr
hmac-sha1 none
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] incoming: aes256-ctr
hmac-sha1 none
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] NEW KEYS
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] REVERSE
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] NEW KEYS
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] Client Connection
Secured
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] Detected Public Key
authentication - disabling
2014-05-16 19:10:52+0200 [HonsshClientTransport,client] LOGIN_SUCCESSFUL
20140516_191052 11.22.33.44 hostmaster Hosting2014
2014-05-16 19:10:54+0200 [HonsshServerTransport,0,11.22.33.44] Entered command:
w
2014-05-16 19:10:54+0200 [HonsshServerTransport,0,11.22.33.44] COMMAND_ENTERED
20140516_191054 11.22.33.44 w
# -- Output from 'w'
#
$ w
19:11:11 up 4 days, 19:25, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
hostmast pts/0 192.168.192.168 19:11 2.00s 0.24s 0.00s w
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Entered command:
exit
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] COMMAND_ENTERED
20140516_191126 11.22.33.44 exit
2014-05-16 19:11:26+0200 [HonsshClientTransport,client] Disconnect received
from the honeypot: 192.168.192.16854
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Disconnect
received from the attacker: 11.22.33.44
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Disconnecting
with error, code 10
reason: user closed connection
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] connection lost
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Lost connection
with the attacker: 11.22.33.44
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] CONNECTION_LOST
20140516_191128 11.22.33.44
# -- Second error
#
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing
IP address to HonSSH Interface: Error: an inet prefix is expected rather than
"11.22.33.45/32".
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing
POSTROUTING Rule: iptables v1.4.12: host/network `11.22.33.45' not found
Try `iptables -h' or 'iptables --help' for more information.
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing
PREROUTING Rule: iptables v1.4.12: Bad IP address "11.22.33.45"
Try `iptables -h' or 'iptables --help' for more information.
Original issue reported on code.google.com by are.hans...@gmail.com
on 16 May 2014 at 5:40
GoogleCodeExporter commented
Strange. That looks like a well formatted inet address to me :S
Original comment by tnn...@googlemail.com
on 16 May 2014 at 5:45
- Changed state: Accepted
GoogleCodeExporter commented
networking.py
Line 129
Change 255 to 256
ETA Tomorrow :P
Original comment by tnn...@googlemail.com
on 16 May 2014 at 6:00
GoogleCodeExporter commented
Original comment by tnn...@googlemail.com
on 18 May 2014 at 11:06
- Changed state: Fixed