Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 21:52:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update

Browse source
This commit is contained in:
Marco Ochse 2022-04-05 18:26:08 +02:00
parent 60aff2aeb5
commit 2d97c90eb8
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -181,6 +181,7 @@ During the installation and during the usage of T-Pot there are two different ty
| Elasticvue | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. | | Elasticvue | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. |
| Geoip Attack Map | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. | | Geoip Attack Map | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. |
| Spiderfoot | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. | | Spiderfoot | BasicAuth | `<web_user>` | `<web_user>` you chose during the installation of T-Pot. |
<br><br> <br><br>
# System Requirements # System Requirements
@ -192,7 +193,8 @@ Depending on the installation setup, edition, installing on [real hardware](#run
| Standalone | 8-16GB | >=128GB SSD | RAM requirements depend on the edition, storage on how much data you want to persist. | | Standalone | 8-16GB | >=128GB SSD | RAM requirements depend on the edition, storage on how much data you want to persist. |
| Hive | >=8GB | >=256GB SSD | As a rule of thumb, the more sensors & data, the more RAM and storage is needed. | | Hive | >=8GB | >=256GB SSD | As a rule of thumb, the more sensors & data, the more RAM and storage is needed. |
| Hive_Sensor | >=8GB | >=128GB SSD | Since honeypot logs are persisted (/data) for 30 days, storage depends on attack volume. | | Hive_Sensor | >=8GB | >=128GB SSD | Since honeypot logs are persisted (/data) for 30 days, storage depends on attack volume. |
<br><vr>
<br><br>
Besides that all T-Pot installations will require ... Besides that all T-Pot installations will require ...
- an IP address via DHCP - an IP address via DHCP
@ -233,7 +235,7 @@ Some users report working installations on other clouds and hosters, i.e. Azure
Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incomding / outgoing connections. Review the [T-Pot Architecure](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incomding / outgoing connections. Review the [T-Pot Architecure](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions.
| Port | Protocol | Direction | Description | | Port | Protocol | Direction | Description |
| :--- | :--- | :--- | :--- | | :--- | :--- | :--- | :--- |
| 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. Debian,<br> GitHub, DockerHub, PyPi, Sicherheitstacho, etc. | | 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. Debian, GitHub, DockerHub, PyPi, Sicherheitstacho, etc. |
| 64294 | tcp | incoming | T-Pot Management: Access to Cockpit | | 64294 | tcp | incoming | T-Pot Management: Access to Cockpit |
| 64295 | tcp | incoming | T-Pot Management: Access to SSH | | 64295 | tcp | incoming | T-Pot Management: Access to SSH |
| 64297 | tcp | incoming | T-Pot Management Access to NGINX reverse proxy | | 64297 | tcp | incoming | T-Pot Management Access to NGINX reverse proxy |
@ -241,17 +243,17 @@ Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS,
| 5000 | udp | incoming | Honeypot: CiscoASA | | 5000 | udp | incoming | Honeypot: CiscoASA |
| 8443 | tcp | incoming | Honeypot: CiscoASA | | 8443 | tcp | incoming | Honeypot: CiscoASA |
| 443 | tcp | incoming | Honeypot: CitrixHoneypot | | 443 | tcp | incoming | Honeypot: CitrixHoneypot |
| 80, 102, 502, 1025, 2404,<br> 10001, 44818, 47808, 50100 | tcp | incoming | Honeypot: Conpot | | 80, 102, 502, 1025, 2404, 10001, 44818, 47808, 50100 | tcp | incoming | Honeypot: Conpot |
| 161, 623 | udp | incoming | Honeypot: Conpot | | 161, 623 | udp | incoming | Honeypot: Conpot |
| 22, 23 | tcp | incoming | Honeypot: Cowrie | | 22, 23 | tcp | incoming | Honeypot: Cowrie |
| 19, 53, 123, 1900 | udp| incoming | Honeypot: Ddospot | | 19, 53, 123, 1900 | udp| incoming | Honeypot: Ddospot |
| 11112 | tcp | incoming | Honeypot: Dicompot | | 11112 | tcp | incoming | Honeypot: Dicompot |
| 21, 42, 135, 443, 445,<br> 1433, 1723, 1883, 3306, 8081 | tcp | incoming | Honeypot: Dionaea | | 21, 42, 135, 443, 445, 1433, 1723, 1883, 3306, 8081 | tcp | incoming | Honeypot: Dionaea |
| 69 | udp | incoming | Honeypot: Dionaea | | 69 | udp | incoming | Honeypot: Dionaea |
| 9200 | tcp | incoming | Honeypot: Elasticpot | | 9200 | tcp | incoming | Honeypot: Elasticpot |
| 22 | tcp | incoming | Honeypot: Endlessh | | 22 | tcp | incoming | Honeypot: Endlessh |
| 21, 22, 23, 25, 80, 110, 143, 443,<br> 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding | | 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding |
| 21, 22, 23, 25, 80, 110, 143, 389,<br> 443, 445, 1080, 1433, 1521,<br> 3306, 5432, 5900, 6379,<br> 8080, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots | | 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 1080, 1433, 1521, 3306, 5432, 5900, 6379, 8080, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots |
| 53, 123, 161| udp | incoming | Honeypot: qHoneypots | | 53, 123, 161| udp | incoming | Honeypot: qHoneypots |
| 631 | tcp | incoming | Honeypot: IPPHoney | | 631 | tcp | incoming | Honeypot: IPPHoney |
| 80, 443, 8080, 9200, 25565 | tcp | incoming | Honeypot: Log4Pot | | 80, 443, 8080, 9200, 25565 | tcp | incoming | Honeypot: Log4Pot |