def listen(ctx, verbose, home_id):
"""
Passive monitoring of network
:param ctx: shared context
:param verbose: show received frames
:param home_id: filter frames including specified home-id
"""
# initialize
signal.signal(signal.SIGINT, signal_handler)
cfg = ctx.obj[CONFIGURATION]
cfg.home_id = home_id
cfg.verbose = verbose
honeylog = ctx.obj[LOGGER]
with multiprocessing.Manager() as manager:
# initialize shared network and decoy information
network = manager.dict(load_json(cfg.networks_path + '/' + cfg.network_file))
decoys = manager.dict(load_json(cfg.networks_path + '/' + cfg.decoys_file))
# init stats
inner_stats = init_stats_dict()
stats_real = manager.dict(inner_stats.copy())
stats_malicious = manager.dict(inner_stats.copy())
stats_invalid = manager.dict(inner_stats.copy())
stats_in = manager.dict(inner_stats.copy())
stats_out = manager.dict(inner_stats.copy())
stats = {STAT_REAL: stats_real,
STAT_MALICIOUS: stats_malicious,
STAT_INVALID: stats_invalid,
STAT_IN: stats_in,
STAT_OUT: stats_out}
frames_in = list()
frames_out = list()
# initialize components
receiver = Receiver(cfg, network, decoys, honeylog, frames_in, frames_out)
monitor = Monitor(cfg, network, decoys, honeylog, stats)
receiver.monitor = monitor
monitor.receiver = receiver
# start configuration
configuration_process = Process(target=set_configuration, args=(cfg, honeylog))
configuration_process.start()
# if not verbose
if not verbose:
# show only stats
statsview_process = Process(target=stats_view, args=(stats, ctx.obj[DEBUG_LEVEL]))
statsview_process.start()
# start reception
receiver.start(False, True)
def record(ctx):
"""Records frames until users interrupt"""
configuration = ctx.obj[CONFIGURATION]
logger = ctx.obj[LOGGER]
network = load_json(configuration.networks_path + '/' +
configuration.real_networks_name)
decoys = load_json(configuration.networks_path + '/' +
configuration.virtual_networks_name)
receiver = Receiver(configuration, network, decoys, logger, None, None)
monitor = Monitor(configuration, network, decoys, logger, None, receiver)
receiver.monitor = monitor
monitor.record()
def run(ctx, passive, low, home_id, test):
"""Starts the IoT honeypot"""
configuration = ctx.obj[CONFIGURATION]
configuration.home_id = home_id
logger = ctx.obj[LOGGER]
if passive:
signal.signal(signal.SIGINT, signal_handler)
network = load_json(configuration.networks_path + '/' +
configuration.real_networks_name)
decoys = load_json(configuration.networks_path + '/' +
configuration.virtual_networks_name)
receiver = Receiver(configuration, network, decoys, logger, None, None)
monitor = Monitor(configuration, network, decoys, logger, None,
receiver)
receiver.monitor = monitor
configuration_process = Process(target=set_configuration,
args=(configuration, logger))
configuration_process.start()
signal.signal(signal.SIGINT, signal_handler)
global monitor_stats
monitor_stats = monitor.stats
monitor.start(passive=True)
else:
with multiprocessing.Manager() as manager:
# load networks to shared dictionaries of manager
network = manager.dict(
load_json(configuration.networks_path + '/' +
configuration.real_networks_name))
decoys = manager.dict(
load_json(configuration.networks_path + '/' +
configuration.virtual_networks_name))
if home_id and home_id not in decoys.keys():
sys.exit(ERROR_MISSING_DECOYS)
signal.signal(signal.SIGINT, signal_handler)
monitor_conn, generator_conn = Pipe()
receiver_conn, transmitter_conn = Pipe()
transmitter = Transmitter(configuration, transmitter_conn)
if not low:
responder = Responder(transmitter, decoys, logger)
else:
responder = None
receiver = Receiver(configuration, network, decoys, logger,
receiver_conn, responder)
monitor = Monitor(configuration, network, decoys, logger,
monitor_conn, receiver)
receiver.monitor = monitor
generator = TrafficGenerator(configuration, network, decoys,
logger, generator_conn, transmitter)
# init processes
monitor_process = Process(target=monitor_target, args=(monitor, ))
configuration_process = Process(target=set_configuration,
args=(configuration, logger))
# start processes
try:
configuration_process.start()
monitor_process.start()
generator.start(test)
except KeyboardInterrupt:
logger.info('\nTerminating...')
monitor_process.terminate()
configuration_process.terminate()
configuration_process.join()
monitor_process.join()
def run(ctx, low, home_id):
"""
Run main function of the IoT honeypot
:param ctx: shared context
:param low: low-interaction mode means that the honeypot does not respond to malicious frames
:param home_id: specifies the network identifier
"""
# initialization
signal.signal(signal.SIGINT, signal_handler)
cfg = ctx.obj[CONFIGURATION]
cfg.home_id = home_id
honeylog = ctx.obj[LOGGER]
# manager handles shared content between TX and RX processes
with multiprocessing.Manager() as manager:
network = manager.dict(load_json(cfg.networks_path + '/' + cfg.network_file))
decoys = manager.dict(load_json(cfg.networks_path + '/' + cfg.decoys_file))
# init stats
inner_stats = init_stats_dict()
stats_real = manager.dict(inner_stats.copy())
stats_malicious = manager.dict(inner_stats.copy())
stats_invalid = manager.dict(inner_stats.copy())
stats_in = manager.dict(inner_stats.copy())
stats_out = manager.dict(inner_stats.copy())
stats = {STAT_REAL: stats_real,
STAT_MALICIOUS: stats_malicious,
STAT_INVALID: stats_invalid,
STAT_IN: stats_in,
STAT_OUT: stats_out}
frames_in = manager.list()
frames_out = manager.list()
# display real-time statistics
statsview_process = Process(target=stats_view, args=(stats, ctx.obj[DEBUG_LEVEL]))
# if records for specified network are missing
if not safe_key_in_dict(home_id, decoys.keys()):
# honeypot stops and display error
sys.exit(ERROR_MISSING_DECOYS)
signal.signal(signal.SIGINT, signal_handler)
# init frame transmitter
transmitter = Transmitter(cfg, frames_out, stats)
# if not low-interaction mode
if not low:
# init responder
responder = Responder(transmitter, decoys, honeylog)
else:
# else responder not needed
responder = None
# init receiver and monitor
receiver = Receiver(cfg, network, decoys, honeylog, frames_in, frames_out, responder)
monitor = Monitor(cfg, network, decoys, honeylog, stats)
receiver.monitor = monitor
monitor.receiver = receiver
# init traffic generator
generator = TrafficGenerator(cfg, network, decoys, honeylog, stats, transmitter)
# honeypot configuration process
configuration_process = Process(target=set_configuration, args=(cfg, honeylog))
# receiver process
receiver_process = Process(target=receiver_target, args=(receiver, False, False))
try:
configuration_process.start()
receiver_process.start()
statsview_process.start()
# generator works in main process
generator.start()
except KeyboardInterrupt:
honeylog.info('\nTerminating...')
receiver_process.terminate()
configuration_process.terminate()
configuration_process.join()
receiver_process.join()
statsview_process.join()
