Creating an Industrial Control System Honeypot with Conpot


In this subject we will follow a step by step instruction of installing an Industrial Control System honeypot. We will use CONPOT. The URL for it is
http://conpot.org and for documentation check:
https://github.com/mushorg/conpot/tree/master/docs.

The default configuration of Conpot simulates a basic “Siemens SIMATIC S7-200 PLC” with an input/output module and a CP 443-1 which would be needed in a real setup to provide network connectivity.

To install conpot run the commands below in a linux (Debian, Ubuntu, etc.)

$ sudo -i
# apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev
# apt-get install python-pip
# easy_install -U setuptools
# apt-get install mysql-server (if you will use it)
# apt-get install python-mysqldb
# apt-get install libmysqlclient-de
# git clone https://github.com/mushorg/conpot.git
# cd conpot
# python setup.py install
Use the code below to run with default config:
# conpot -t default

 

Here is a screenshot of a successful run:
Creating an Industrial Control System Honeypot with Conpot

 

If you want to make changes here are the details:

 

config file:
/usr/local/lib/python2.7/dist-packages/conpot/conpot.cfg

 

default xml file:
/usr/local/lib/python2.7/dist-packages/conpot/templates/default/template.xml