Can't connect to hpfeeds from dionaea 0.11.0 #321
Comments
|
Thanks for opening your first issue here! Be sure to follow the issue template! |
|
@borsuk-polny I saw your issue while looking for something unrelated. I've been having similar issues and sent in a few PR's to make it work for me. As of a week and a bit ago |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ISSUE TYPE
DIONAEA VERSION
Dionaea Version 0.11.0
Compiled on Linux/x86_64 at Feb 1 2021 13:34:46 with gcc 7.5.0
Started on 990e59200191 running Linux/x86_64 release 4.19.0-9-amd64
CONFIGURATION
dionaea running in docker container - image prepared using Dockerfile from git repository.
standard dionaea.cfg
services-enabled: memcache.yaml, ftp.yaml
ihandlers-enabled: cmdshell.yaml emuprofile.yaml ftp.yaml hpfeeds.yaml store.yaml tftp_download.yaml
all .yaml files standard config except hpfeeds.yaml:
config:
server: 10.10.10.11
port: 20000
ident: "ident"
secret: "secret"
OS / ENVIRONMENT
Dionaea running in container on linux virtual machine. The image was created using Dockerfile from git - ubuntu18 derived.
env variables:
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.Z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:
HOSTNAME=990e59200191
PWD=/
HOME=/root
TERM=xterm
SHLVL=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
Hpfeeds3 server runing in another docker on the same docker network (hpfeeds3 addres: 10.10.10.11, port 20000).
There is network connectivity between both containers.
SUMMARY
Dionaea 0.11.0 can't contact hpfeeds3 broker. I used dionaea 0.8.0 and it was able to send messages to hpfeeds3.
There is an error in the dionaea.log suggesting problems with connection class - see the end of sections "STEPS TO REPRODUCE" for appropriate excerpt from the log.
STEPS TO REPRODUCE
Prepare docker image and run:
1.git clone https://github.com/DinoTools/dionaea.git
2.cd dionaea
3.docker build -t dionanea:local .
4.docker run -d --net hpnetwork --ip 10.10.10.20 -p 21:21 -p 42:42 -p 69:69/udp -p 80:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900/udp -p 3306:3306 -p 5060:5060 -p 5060:5060/udp -p 5061:5061 -p 11211:11211 --name dionaea2 dionanea:local
Simulate incident - memcache connection:
telnet 10.10.10.20 11211
EXPECTED RESULTS
New feed in hpfeeds describing memcache connection.
Communication between dionaea (10.10.10.20) and hpfeeds3 (10.10.10.11, port 20000) visible in tcpdump run on the bridge connecting dockers.
ACTUAL RESULTS
Hpfeeds3 broker does not receive massages - verified by running hpfeds in debug mode and checking communication with tcpdump - no single packet was sent from dionaea to the broker. An error in dionaea.log as cited below.
There is an error in the dionaea.log:
[01022021 13:59:42] hpfeeds /dionaea/hpfeeds.py:134-debug: hpclient init
[01022021 13:59:42] binding /dionaea/hpfeeds.py:135-warning: All arguments of init must have a default value. class: 'hpclient', arg: 'server'
[01022021 13:59:42] python /code/modules/python/module.c:1039-warning: LoaderError at LoaderError()
[01022021 13:59:42] python /code/modules/python/module.c:1065-warning: binding.pyx:457 in None
[01022021 13:59:42] python /code/modules/python/module.c:1066-warning: dionaea.core.connection.init
[01022021 13:59:42] python /code/modules/python/module.c:1065-warning: lib/dionaea/python/dionaea/hpfeeds.py:135 in None
[01022021 13:59:42] python /code/modules/python/module.c:1066-warning: init
[01022021 13:59:42] python /code/modules/python/module.c:1065-warning: lib/dionaea/python/dionaea/hpfeeds.py:272 in None
[01022021 13:59:42] python /code/modules/python/module.c:1066-warning: init
[01022021 13:59:42] python /code/modules/python/module.c:1065-warning: lib/dionaea/python/dionaea/hpfeeds.py:60 in None
[01022021 13:59:42] python /code/modules/python/module.c:1066-warning: start
[01022021 13:59:42] python /code/modules/python/module.c:1065-warning: lib/dionaea/python/dionaea/ihandlers.py:45 in None
Best regards,
Piotr
The text was updated successfully, but these errors were encountered: