Cowrie, Dionaea: in the connectors, only output IDEA events with globally routable source IPs (!6) · Merge requests · 713 / Warden / Warden Connectors

Pavel Valach requested to merge cowrie-dio-only-log-global-ip into master Jun 04, 2024

We should not generate IDEA events where the source address is not a globally routable IP address. The exact implementation differs between Cowrie and Dionaea Warden connectors.

In case of Cowrie, we do not store such session during the cowrie.session.connect event - we return in a short-circuit instead.

In case of Dionaea, we track such connection but we do not generate the IDEA event at the end of the connection. On such an occasion, we only log it in the logger.

Tested with my Cowrie and Dionaea instances.

Cowrie, Dionaea: in the connectors, only output IDEA events with globally routable source IPs

Merge request reports