The IP Address of The Attacker is not Detected in the Honeypot After Being Forwarded
I have a problem with my project. My project is how to deflect the attacker to the honeypot. I tried using the IPTables to forward any IP Address that want to access the protected network to the honeypot IP Address..
In this case I have 3 IP Address..
a. 192.168.43.42 --> It's a Honeypot
b. 192.168.43.216 --> It's a Protected Network/System
c. 192.168.43.156 --> It's a Attacker
I tried to configure the IPTables like this..
The honeypot that I used is a Kippo SSH. That's why the port is 22
(This command is implented in the protected system --> 192.168.43.216)
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.43.42
# iptables -t nat -A POSTROUTING -j MASQUERADE
After I tried that, the honeypot can detect the attacker!
But, the IP Address that are detected in the honeypot is the IP Address of the Protected System, not the IP Address of the Attackers. It looks like the protected system is attacking itself ..
Do you know how to show the IP Address of the Attackers? not the IP Address that has the Firewall (Protected System)..
Thank you!```
|