Creating an Industrial Control System Honeypot with Conpot

In this subject we will follow a step by step instruction of installing an Industrial Control System honeypot. We will use CONPOT. The URL for it is
http://conpot.org and for documentation check:
https://github.com/mushorg/conpot/tree/master/docs.

The default configuration of Conpot simulates a basic “Siemens SIMATIC S7-200 PLC” with an input/output module and a CP 443-1 which would be needed in a real setup to provide network connectivity.

To install conpot run the commands below in a linux (Debian, Ubuntu, etc.)

$ sudo -i
# apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev
# apt-get install python-pip
# easy_install -U setuptools
# apt-get install mysql-server (if you will use it)
# apt-get install python-mysqldb
# pip install conpot

 

Use the code below to run with default config:
# conpot -t default

 

Here is a screenshot of a successful run:
If you want to make changes here are the details:
config file:
/usr/local/lib/python2.7/dist-packages/conpot/conpot.cfg
default xml file:
/usr/local/lib/python2.7/dist-packages/conpot/templates/default/template.xml