Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
s4m0ur41
Explorer

Honey Pot behind an SMB appliance (IP 600)

Hi there,

Network Setup :

- ISP router connected to the firewall WAN interface

- A freshly installed Honey Pot (MHN - Modern Honey Netwok) connected to the firewall DMZ interface.

- My PC connected to Firewall LAN interface

- Firewall policy, NATs and forwarding rules are functional.

From my PC i can ping and connect via ssh to the server DMZ IP address.

I am trying to configure sensors as per the website installation guide and I am facing some (I guess so) https/certificate errors. I am using the --no-check-certificate option with the wget command but I still have issues.

Would you guys be able to help me please?

* here is the command I need to complete:

wget --no-check-certificate "http://<WAN interface IP address>/api/script/?text=true&script_id=14" -O deploy.sh && sudo bash deploy.sh http://<WAN interface IP address> some KEY

* Here is the result :

--2020-03-06 13:56:01-- http://<WAN interface IP address>/api/script/?text=true&script_id=14
Connecting to <WAN interface IP address> ... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://<WAN interface IP address>:4434 [following]
--2020-03-06 13:56:01-- https:/<WAN interface IP address>:4434/
Connecting to <WAN interface IP address>:4434... connected.
WARNING: cannot verify 's certificate, issued by ‘C=US,O=Check Point,OU=Check Point Security Gateway,CN=my.firewall_xxxxxxx_xxxxxxx’:
Self-signed certificate encountered.
WARNING: certificate common name ‘my.firewall__xxxxxxx_xxxxxxx’ doesn't match requested host name ‘<WAN interface IP address>’.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘deploy.sh’

deploy.sh [ <=> ] 603 --.-KB/s in 0s

2020-03-04 13:56:01 (97.4 MB/s) - ‘deploy.sh’ saved [603]

deploy.sh: line 1: syntax error near unexpected token `<'
deploy.sh: line 1: `<html><head><meta http-equiv='Content-Language' content='en-us' /><meta http-equiv='Content-Type' content='text/html; charset=windows-1252' /><title>Error</title></head><body style='background-color: white;'><div><div style='font-family: "Arial"; padding-left: 20px; padding-top: 10px; font-size: 14pt; font-weight: bold;'>Error</div><div style='font-family: "Arial",; padding-left: 20px; padding-top: 20px; font-size: 12pt;'>Either invalid input was specified or an internal error has occurred.<br>'

 Thank you very much in advance for your assistance.

Regards and have a nice day.

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

If you want your Honey Pot accessible to be accessible via your WAN interface IP, you need to configure it as a Server object, not with NAT rules.
Further, port 4434 is used by the WebUI of the SMB device for management by default.
You're therefore running a wget against the WebUI of the SMB device with a URL that won't work.
Either change the port used for the admin interface of the SMB device or change the port used by your Honey Pot device.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events