ApplicGate
(v12.0.9091.1083 started 2024-11-20 23:42:13 on VM2)

echo: .. implements a simple honeypot, supports PRTG monitoring, simulates SSRP and allows access to se.SAM

GatewayIP2 must be "echo".

Keywords in type field: ECHO, FTP, HTTP, NOECHO, PRTG, SESAM, SMTP, SSRP, TELNET
If no keyword is specified: received data will be sent
The keywords ECHO and NOECHO are supported also for UDP connections.
The keyword SSRP is supported only for UDP connections.

For keywords ECHO, FTP, TELNET:
- data parameter may contain several elements separated by "|", these elements will be sent round-robin after any data packet received.
- "\r" and "\n" may be inserted into comment to format output.
- "n.n.n.n" will be replaced by local IP address.

Keyword ECHO:data ... data is optional
- specified data will be sent after any message received
- if data is not specified: received data will be sent
- TLS (keyword SSL) is supported.

Keyword FTP:data ... data is optional
- Default if no data is specified: FTP:"220 FTP service on n.n.n.n\r\n|331 Password required.\r\n|530 User cannot log in.\r\n"
- First element will be sent before receiving any data and one time only.
- Result on client side (Microsoft ftp client):
C:\WINNT>ftp 127.0.0.1
Connected to 127.0.0.1.
220 FTP service on 127.0.0.1
User (127.0.0.1:(none)): myusername
331 Password required.
Password:
530 User cannot log in.
Login failed.
ftp>

Keyword HTTP:data ... data is optional
- Accepts http(s) GET and POST requests and returns the specified data in http response
- Specified data will be sent within in the http response "HTTP/1.1 200 OK".
- used in combination with keyword POST for logging POST data
- For https the keyword SSL must be specified

Keyword NOECHO
- no data will be sent
- TLS (keyword SSL) is supported.

Keyword PRTG
- http(s) web page to return performance monitor counters, example:
AppGW: All values are from the last 5 minutes interval 2018-04-25 14:54:43 UTC
TCP/UDP active (maximum), RTP active (maximum), Data from Source (bytes/second, mean value), Data to Source (bytes/second, mean value), TCP new (per minute), UDP new (per minute), RTP new (per minute)
[18][2][80][100][17][5][0]
- The interval and the name of the Application Gateway (default is AppGW) can be set via the keyword PERFMON e.g. PERFMON:"-2,MyAppGW"
- This format is compatible with the HTTP Content Sensor from PRTG
- For https the keyword SSL must be specified

Keyword SESAM:comx
- comx ... serial port of se.SAM, e.g. com4 (on Windows) or /dev/ttyACM0 (on Linux)
- Implements a raw interface to se.SAM crypto processor from sematicon AG.
- Any se.SAM command can be issued using Telnet or other TCP tool.
- If the character ")" has been received the received data will be sent to the se.SAM module.
- The response is sent within one TCP packet terminated by "\r\n\r\n"
- The fields are separated by ":" or "\r\n" depending on the response mode set.
- If there is any error accessing se.SAM the returned string starts with "Error:"
- If an ESC character is detected the input buffer will be cleared.
- "\r" and "\n" will be removed from the input buffer (except for the command imortcert).
- TLS (keyword SSL) is supported.
Remark: The function "SESAM:" needs the object SerialPort to access the se.SAM crypto processor.
The special installation requirements for ApplicGate built with .NET 8.0 (or higher) can be found here.

Keyword SMTP:server
- server ... optional, name of server in response to connection request and HELO/EHLO, default is "test.mycomp.com"
- Implements a simple SMTP mail receiver
- The received mail data will be saved in the subdirectory SMTPlog. This directory must exist.
- The optional file SpamKw.txt (in the default directory, UTF8) can be filled with comma separated words. If such a word is found in the mail body the mail will not be saved.
- SpamKw.txt can be updated via web here.
SMTP supports the optional keyword START:filename[!M]
- After successful store of the mail the specified filename will be executed,
- first argument is the name of mail file,
- second argument is the IP address of the source,
- !M is optional: The internal mail thread will be started after execution of the file.

Keyword SSRP
Detailed information can be found here.

Keyword TELNET:data ... data is optional
- Default if no data is specified: Telnet:"Welcome to n.n.n.n\r\n\r\nUsername:|Password:|\r\n% Login invalid\r\n\r\nUsername:"
- First element will be sent before receiving any data and one time only.
- Following elements will be sent only after "\r" has been received.
- Result on client side:
Welcome to GatewayIP

Username:myusername
Password:mypassword

% Login invalid

Username:myusername2
Password:mypassword2
...

ApplicGate Logo  reinhold.leitner@applicgate.com (C) November 2024
www.applicgate.com