tnich/honssh

Error removing IP address to HonSSH Interface: Error: an inet prefix is expected rather than "11.22.33.45/32"

Closed this issue · 3 comments

What steps will reproduce the problem?
1. In honssh.cfg, set advanced networking to 'enabled = true'
2. Connect to the honeypot
3. Execute 'w'. The IP address that's shown will be that of the router, not that of the connecting client.

What is the expected output?
When executing 'w' it's expected to see the IP address of the connecting client.

What do you see instead?
The IP address of the internal gateway.


What version of the product are you using?
61a65bf9d5f8

On what operating system?
Ubuntu 12.04 LTS

Please provide any additional information below.
I've noticed this error when attackers have connected and disconnected and was 
able to reproduce it with the following steps:

# -- Stopping HonSSH.
#
2014-05-16 19:09:06+0200 [-] Main loop terminated.
2014-05-16 19:09:06+0200 [-] Server Shut Down.

# -- Changing 'enabled = true' to 'enabled = false'
#
2014-05-16 19:09:10+0200 [-] Log opened.
2014-05-16 19:09:10+0200 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2014-05-16 19:09:10+0200 [-] reactor class: 
twisted.internet.pollreactor.PollReactor.
2014-05-16 19:09:10+0200 [-] HonsshServerFactory starting on 22
2014-05-16 19:09:10+0200 [-] Starting factory 
<honssh.server.HonsshServerFactory instance at 0x2474f80>
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] 
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] Disconnecting with 
error, code 10
    reason: user closed connection
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] connection lost
2014-05-16 19:09:10+0200 [HonsshSlimClientTransport,client] Stopping factory 
<honssh.client.HonsshSlimClientFactory instance at 0x2474f38>
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] disabling 
diffie-hellman-group-exchange because we cannot find moduli file
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] Advanced 
Networking disabled - Using client_addr
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory] Starting factory 
<honssh.client.HonsshClientFactory instance at 0x2472b48>

# -- Making a connection to the honeypot
#
2014-05-16 19:09:27+0200 [honssh.server.HonsshServerFactory]  CONNECTION_MADE 
20140516_190927 11.22.33.44 40181
2014-05-16 19:09:27+0200 [Uninitialized] New client connection
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] kex alg, key 
alg: diffie-hellman-group1-sha1 ssh-rsa
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] outgoing: 
aes128-ctr hmac-md5 none
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] incoming: 
aes128-ctr hmac-md5 none
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] kex alg, key alg: 
diffie-hellman-group-exchange-sha1 ssh-rsa
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] outgoing: aes256-ctr 
hmac-sha1 none
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] incoming: aes256-ctr 
hmac-sha1 none
2014-05-16 19:09:27+0200 [HonsshServerTransport,0,11.22.33.44] NEW KEYS
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] REVERSE
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] NEW KEYS
2014-05-16 19:09:27+0200 [HonsshClientTransport,client] Client Connection 
Secured
2014-05-16 19:09:28+0200 [HonsshClientTransport,client] Detected Public Key 
authentication - disabling
2014-05-16 19:09:32+0200 [HonsshClientTransport,client]  LOGIN_SUCCESSFUL 
20140516_190932 11.22.33.44 hostmaster Hosting2014
2014-05-16 19:09:34+0200 [HonsshServerTransport,0,11.22.33.44] Entered command: 
w
2014-05-16 19:09:34+0200 [HonsshServerTransport,0,11.22.33.44]  COMMAND_ENTERED 
20140516_190934 11.22.33.44 w

# -- Output from 'w'
#
$ w
 19:09:50 up 4 days, 19:23,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
hostmast pts/0    192.168.192.168   19:09    1.00s  0.23s  0.00s w

2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Entered command: 
exit
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44]  COMMAND_ENTERED 
20140516_190943 11.22.33.44 exit
2014-05-16 19:09:43+0200 [HonsshClientTransport,client] Disconnect received 
from the honeypot: 192.168.192.16854
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Disconnect 
received from the attacker: 11.22.33.44
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Disconnecting 
with error, code 10
    reason: user closed connection
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] connection lost
2014-05-16 19:09:43+0200 [HonsshServerTransport,0,11.22.33.44] Lost connection 
with the attacker: 11.22.33.44
2014-05-16 19:09:44+0200 [HonsshServerTransport,0,11.22.33.44]  CONNECTION_LOST 
20140516_190944 11.22.33.44
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] connection lost
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] Lost connection with 
the honeypot: 192.168.192.16854
2014-05-16 19:09:44+0200 [HonsshClientTransport,client] Stopping factory 
<honssh.client.HonsshClientFactory instance at 0x2472b48>

# -- Stopping HonSSH.
#
2014-05-16 19:10:41+0200 [-] Received SIGTERM, shutting down.
2014-05-16 19:10:41+0200 [-] (TCP Port 22 Closed)
2014-05-16 19:10:41+0200 [-] Stopping factory 
<honssh.server.HonsshServerFactory instance at 0x2474f80>
2014-05-16 19:10:41+0200 [-] Main loop terminated.
2014-05-16 19:10:41+0200 [-] Server Shut Down.

# -- Changing 'enabled = false' to 'enabled = true'
#
2014-05-16 19:10:43+0200 [-] Log opened.
2014-05-16 19:10:43+0200 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2014-05-16 19:10:43+0200 [-] reactor class: 
twisted.internet.pollreactor.PollReactor.
2014-05-16 19:10:43+0200 [-] HonsshServerFactory starting on 22
2014-05-16 19:10:43+0200 [-] Starting factory 
<honssh.server.HonsshServerFactory instance at 0x14e8f80>
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] 
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] Disconnecting with 
error, code 10
    reason: user closed connection
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] connection lost
2014-05-16 19:10:43+0200 [HonsshSlimClientTransport,client] Stopping factory 
<honssh.client.HonsshSlimClientFactory instance at 0x14e8f38>
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] disabling 
diffie-hellman-group-exchange because we cannot find moduli file
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] HonSSH Interface 
created

# -- First error
#
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] Error adding IP 
address to HonSSH Interface - Using client_addr: Error: an inet prefix is 
expected rather than "11.22.33.45/32".
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] Starting factory 
<honssh.client.HonsshClientFactory instance at 0x14e6b48>

# -- Making a connection to the honeypot
#
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory]  CONNECTION_MADE 
20140516_191047 11.22.33.44 46251
2014-05-16 19:10:47+0200 [Uninitialized] New client connection
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] kex alg, key 
alg: diffie-hellman-group1-sha1 ssh-rsa
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] outgoing: 
aes128-ctr hmac-md5 none
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] incoming: 
aes128-ctr hmac-md5 none
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] kex alg, key alg: 
diffie-hellman-group-exchange-sha1 ssh-rsa
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] outgoing: aes256-ctr 
hmac-sha1 none
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] incoming: aes256-ctr 
hmac-sha1 none
2014-05-16 19:10:47+0200 [HonsshServerTransport,0,11.22.33.44] NEW KEYS
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] REVERSE
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] NEW KEYS
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] Client Connection 
Secured
2014-05-16 19:10:47+0200 [HonsshClientTransport,client] Detected Public Key 
authentication - disabling
2014-05-16 19:10:52+0200 [HonsshClientTransport,client]  LOGIN_SUCCESSFUL 
20140516_191052 11.22.33.44 hostmaster Hosting2014
2014-05-16 19:10:54+0200 [HonsshServerTransport,0,11.22.33.44] Entered command: 
w
2014-05-16 19:10:54+0200 [HonsshServerTransport,0,11.22.33.44]  COMMAND_ENTERED 
20140516_191054 11.22.33.44 w

# -- Output from 'w'
#
$ w
 19:11:11 up 4 days, 19:25,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
hostmast pts/0    192.168.192.168   19:11    2.00s  0.24s  0.00s w

2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Entered command: 
exit
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44]  COMMAND_ENTERED 
20140516_191126 11.22.33.44 exit
2014-05-16 19:11:26+0200 [HonsshClientTransport,client] Disconnect received 
from the honeypot: 192.168.192.16854
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Disconnect 
received from the attacker: 11.22.33.44
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Disconnecting 
with error, code 10
    reason: user closed connection
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] connection lost
2014-05-16 19:11:26+0200 [HonsshServerTransport,0,11.22.33.44] Lost connection 
with the attacker: 11.22.33.44
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44]  CONNECTION_LOST 
20140516_191128 11.22.33.44

# -- Second error
#
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing 
IP address to HonSSH Interface: Error: an inet prefix is expected rather than 
"11.22.33.45/32".

2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing 
POSTROUTING Rule: iptables v1.4.12: host/network `11.22.33.45' not found
    Try `iptables -h' or 'iptables --help' for more information.

2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing 
PREROUTING Rule: iptables v1.4.12: Bad IP address "11.22.33.45"

    Try `iptables -h' or 'iptables --help' for more information.

Original issue reported on code.google.com by are.hans...@gmail.com on 16 May 2014 at 5:40
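
Added example (not HonSSH code and not part of the original thread): a log triage pass that rejoins the hard-wrapped twistd records and lists the sessions that were proxied after advanced networking failed to add the address, which are the sessions where the honeypot saw the gateway instead of the client. The names `records` and `triage` are hypothetical, the sample log is constructed in the format quoted above, and attributing a failed add to the next CONNECTION_MADE is an assumption based on the record order in this report.

```python
import re

# Constructed sample in the log format quoted in this report (hard-wrapped lines included).
SAMPLE_LOG = """\
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory] Error adding IP
address to HonSSH Interface - Using client_addr: Error: an inet prefix is
expected rather than "11.22.33.45/32".
2014-05-16 19:10:47+0200 [honssh.server.HonsshServerFactory]  CONNECTION_MADE
20140516_191047 11.22.33.44 46251
2014-05-16 19:11:28+0200 [HonsshServerTransport,0,11.22.33.44] Error removing
PREROUTING Rule: iptables v1.4.12: Bad IP address "11.22.33.45"
2014-05-16 19:20:00+0200 [honssh.server.HonsshServerFactory]  CONNECTION_MADE
20140516_192000 11.22.33.50 40000
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{4} ")
RECORD = re.compile(r"^(\S+ \S+) \[[^\]]*\]\s+(.*)$")
NET_ERROR = re.compile(r"Error (adding|removing) (IP address|POSTROUTING Rule|PREROUTING Rule)")
CONN_MADE = re.compile(r"CONNECTION_MADE (\S+) (\S+) (\d+)")

def records(text):
    """Rejoin wrapped lines: a line with no leading timestamp continues the previous record."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def triage(text):
    """Return (affected, errors). Heuristic (assumption): a failed 'adding IP address'
    record taints the next CONNECTION_MADE, as in the ordering shown in the report."""
    affected, errors, add_failed = [], [], False
    for rec in records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        ts, msg = m.groups()
        err = NET_ERROR.search(msg)
        conn = CONN_MADE.search(msg)
        if err:
            errors.append((ts, err.group(1), err.group(2)))
            add_failed = add_failed or err.groups() == ("adding", "IP address")
        elif conn:
            if add_failed:
                affected.append((conn.group(1), conn.group(2)))
            add_failed = False
    return affected, errors

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Sessions returned in `affected` have the real client address only in the HonSSH log, not in anything recorded on the honeypot itself.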

Strange. That looks like a well formatted inet address to me :S

Original comment by tnn...@googlemail.com on 16 May 2014 at 5:45

  • Changed state: Accepted

networking.py
Line 129
Change 255 to 256

ETA Tomorrow :P

Original comment by tnn...@googlemail.com on 16 May 2014 at 6:00

Original comment by tnn...@googlemail.com on 18 May 2014 at 11:06

  • Changed state: Fixed