Honeypot : Which package lets me imitate OpenSSH?

[e1-531g]

Hello,
I would like to imitate a few services on a few ports
for outside world. If one connects to lets say 22 TCP
port I would like him to not connect to real OpenSSH,
still make him thinking that he connects to real OpenSSH
and only need to guess valid password.
Maybe even imitate Windows services. Based on that
I would like to block IP and log that.
The part with pf to block IP I am able to do,
but I don't know if there exists something like that in ports,
which lets me imitate various popular services.

[jggimi]

You'll find net/honeyd in packages. The Honeyd project website has an example configuration that includes a simulated ssh.

Disclaimer: I've never used this tool, and can't comment on its use/function/safety/security.

[hanzer]

Quote:

Originally Posted by jggimi

You'll find net/honeyd in packages. The Honeyd project website has an example configuration that includes a simulated ssh.

Disclaimer: I've never used this tool, and can't comment on its use/function/safety/security.

Nice reference, Thanks!

There is an interesting Military/Cyberwar perspective/presentation on that technology/technique at: "Confessions of a Cyber Spy Hunter: Eric Winsborrow at TEDxVancouver", [specifically] about time - 16:40 - but the entire talk is worth watching, IMHO

[hanzer]

Here's a talk given by Lance Spitzner, the founder of the Honeynet Project: "HNW2015 - Lance Spitzner - The Honeynet Project: Then and Now". I had to stop watching at 6:00.