Raspberri Pi, don't use if you've used Debian based distros!

travisdh1

So I was going to turn my pi into a honeypot and do a guide on that. Do yourself a favor and just don't.

@scottalanmiller was even more right than he could possibly know when claiming that you don't learn "linux" by using a raspberri pi. They so heavily customized the thing that you'll never learn anything about any normal distribution from the thing. Even the network config I was looking at today wasn't standard. I had changed the /etc/network/interfaces file to assign a static ip to the wired interface, silly me, that's done in /etc/dhcpcd.conf instead. I gave up, I was making a guide on how to be a Raspbian sysadming instead of a honeypot guide.

Excuse me for a minute:
STANDARDS WERE MADE FOR A REASON PEOPLE!

Ok, I think that's out of my system now. Carry on.

scottalanmiller

What distro did you try on it?

travisdh1

@scottalanmiller said in Raspberri Pi, don't use if you've used Debian based distros!:

What distro did you try on it?

honeeepi, which may have been the issue. I'm not taking the case back apart to reload the base raspbian again today, maybe after I'm less annoyed with it. Could be the best honeypot ever, but they've really screwed the pooch with the automation in it.

gjacobse

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

travisdh1

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

gjacobse

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

Makes sense....

Thought I am still reading - just what is the honeypot?

gjacobse

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

Makes sense....

Thought I am still reading - just what is the honeypot?

Is it a 'trick' to slow down hackers on the network?

http://www.linux-magazine.com/Issues/2015/178/Honeypots-for-the-Pi

travisdh1

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

Makes sense....

Thought I am still reading - just what is the honeypot?

A honeypot is something that pretends to be a real service, but really has no service(s) running and just logs what is done on the system. You know those global internet attack maps? A honeypot is how they generally collect that data.

scottalanmiller

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@scottalanmiller said in Raspberri Pi, don't use if you've used Debian based distros!:

What distro did you try on it?

honeeepi, which may have been the issue. I'm not taking the case back apart to reload the base raspbian again today, maybe after I'm less annoyed with it. Could be the best honeypot ever, but they've really screwed the pooch with the automation in it.

Oh, some weird custom distro. Those things are always so weird.

donaldlandru

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

Makes sense....

Thought I am still reading - just what is the honeypot?

A honeypot is something that pretends to be a real service, but really has no service(s) running and just logs what is done on the system. You know those global internet attack maps? A honeypot is how they generally collect that data.

It's a trap

travisdh1

@donaldlandru said in Raspberri Pi, don't use if you've used Debian based distros!:

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

@travisdh1 said in Raspberri Pi, don't use if you've used Debian based distros!:

@gjacobse said in Raspberri Pi, don't use if you've used Debian based distros!:

I wonder if this here is the reason why you had so much trouble.... Not that I know that much about it:

Honeeepi
Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.

The first release (v201310) consist of Dionaea honeypot which only operate on Raspberry pi B Model.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and run on both Raspberry pi B and B+ Model.
Third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 2, B and B+.
Fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf)and in additional of classic like honeypot honeyd, amun that run on Raspberry pi 3 model B.

It also run the ntop, snort and remote pcap to allow network monitoring and capturing of pcap for further analysis.

They are all pre-installed, but not one automatically runs at boot. You have to do that yourself, which isn't hard, but I wanted to give it the Office Space treatment before I ever got to that point.

Makes sense....

Thought I am still reading - just what is the honeypot?

A honeypot is something that pretends to be a real service, but really has no service(s) running and just logs what is done on the system. You know those global internet attack maps? A honeypot is how they generally collect that data.

It's a trap

exactly!

mlnews

Youtube Video

Lakshmana

What raspberry model?

DustinB3403

@lakshmana said in Raspberri Pi, don't use if you've used Debian based distros!:

What raspberry model?

It doesn't matter. The hardware footprint with the bastardized Debian built for the Raspberri Pi just doesn't work well.