(v12.0.9091.1083 started 2024-11-20 23:42:13 on VM2)
echo: .. implements a simple honeypot, supports PRTG monitoring, simulates SSRP and allows access to se.SAM
GatewayIP2 must be "echo".
Keywords in type field: ECHO, FTP, HTTP, NOECHO, PRTG, SESAM, SMTP, SSRP, TELNET If no keyword is specified: received data will be sent The keywords ECHO and NOECHO are supported also for UDP connections. The keyword SSRP is supported only for UDP connections.
For keywords ECHO, FTP, TELNET: - data parameter may contain several elements separated by "|", these elements will be sent round-robin after any data packet received. - "\r" and "\n" may be inserted into comment to format output. - "n.n.n.n" will be replaced by local IP address.
Keyword ECHO:data ... data is optional - specified data will be sent after any message received - if data is not specified: received data will be sent - TLS (keyword SSL) is supported.
Keyword FTP:data ... data is optional - Default if no data is specified: FTP:"220 FTP service on n.n.n.n\r\n|331 Password required.\r\n|530 User cannot log in.\r\n" - First element will be sent before receiving any data and one time only. - Result on client side (Microsoft ftp client): C:\WINNT>ftp 127.0.0.1 Connected to 127.0.0.1. 220 FTP service on 127.0.0.1 User (127.0.0.1:(none)): myusername 331 Password required. Password: 530 User cannot log in. Login failed. ftp>
Keyword HTTP:data ... data is optional - Accepts http(s) GET and POST requests and returns the specified data in http response - Specified data will be sent within in the http response "HTTP/1.1 200 OK". - used in combination with keyword POST for logging POST data - For https the keyword SSL must be specified
Keyword NOECHO - no data will be sent - TLS (keyword SSL) is supported.
Keyword PRTG - http(s) web page to return performance monitor counters, example: AppGW: All values are from the last 5 minutes interval 2018-04-25 14:54:43 UTC TCP/UDP active (maximum), RTP active (maximum), Data from Source (bytes/second, mean value), Data to Source (bytes/second, mean value), TCP new (per minute), UDP new (per minute), RTP new (per minute) [18][2][80][100][17][5][0] - The interval and the name of the Application Gateway (default is AppGW) can be set via the keyword PERFMON e.g. PERFMON:"-2,MyAppGW" - This format is compatible with the HTTP Content Sensor from PRTG - For https the keyword SSL must be specified
Keyword SESAM:comx - comx ... serial port of se.SAM, e.g. com4 (on Windows) or /dev/ttyACM0 (on Linux) - Implements a raw interface to se.SAM crypto processor from sematicon AG. - Any se.SAM command can be issued using Telnet or other TCP tool. - If the character ")" has been received the received data will be sent to the se.SAM module. - The response is sent within one TCP packet terminated by "\r\n\r\n" - The fields are separated by ":" or "\r\n" depending on the response mode set. - If there is any error accessing se.SAM the returned string starts with "Error:" - If an ESC character is detected the input buffer will be cleared. - "\r" and "\n" will be removed from the input buffer (except for the command imortcert). - TLS (keyword SSL) is supported. Remark: The function "SESAM:" needs the object SerialPort to access the se.SAM crypto processor. The special installation requirements for ApplicGate built with .NET 8.0 (or higher) can be found here.
Keyword SMTP:server - server ... optional, name of server in response to connection request and HELO/EHLO, default is "test.mycomp.com" - Implements a simple SMTP mail receiver - The received mail data will be saved in the subdirectory SMTPlog. This directory must exist. - The optional file SpamKw.txt (in the default directory, UTF8) can be filled with comma separated words. If such a word is found in the mail body the mail will not be saved. - SpamKw.txt can be updated via web here. SMTP supports the optional keyword START:filename[!M] - After successful store of the mail the specified filename will be executed, - first argument is the name of mail file, - second argument is the IP address of the source, - !M is optional: The internal mail thread will be started after execution of the file.
Keyword SSRP Detailed information can be found here.
Keyword TELNET:data ... data is optional - Default if no data is specified: Telnet:"Welcome to n.n.n.n\r\n\r\nUsername:|Password:|\r\n% Login invalid\r\n\r\nUsername:" - First element will be sent before receiving any data and one time only. - Following elements will be sent only after "\r" has been received. - Result on client side: Welcome to GatewayIP
