Shodan indicators used to detect standard conpot implementations and their improvement through sophisticated customization
Abstract
Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device in default deployments. Honeypots operating with standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot and how these capabilities can be used to lure attackers. In addition, the presented research establishes a framework that enables customized configuration of Conpot, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can help cybersecurity personnel better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, the study informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.
RAS ID
47160
Document Type
Conference Proceeding
Date of Publication
2022
Funding Information
Cyber Security Research Centre / Australian Government's Cooperative Research Centres
School
School of Science
Copyright
subscription content
Publisher
IEEE
Recommended Citation
Cabral, W. Z., Sikos, L. F., & Valli, C. (2022). Shodan indicators used to detect standard conpot implementations and their improvement through sophisticated customization. DOI: https://doi.org/10.1109/DSC54232.2022.9888911
Comments
Cabral, W. Z., Sikos, L. F., & Valli, C. (2022). Shodan indicators used to detect standard conpot implementations and their improvement through sophisticated customization. In 2022 IEEE Conference on Dependable and Secure Computing (DSC) (pp. 1-7). IEEE. https://doi.org/10.1109/DSC54232.2022.9888911