
Services and configurations

Written by Jonathan Bolduc

Services and Features can be assigned to a HelloHacker device’s configuration, either from a configuration template assigned to it or directly in its settings.

A service in HelloHacker is an active honeypot that mimics a real network service. It listens on a specific port and records all connections or attack attempts. Here is what these services do:

  1. HTTP Service: Simulates a standard web server. From a dropdown menu, you can choose from several HTTP service models to mimic different scenarios, such as vulnerable login pages or ones protected by default passwords, to attract exploitation attempts.

  2. Web Server Model: A more realistic version of a website, imitating the full behavior of a web server.

  3. HTTP Proxy: Simulates an open HTTP proxy, often sought by attackers to bounce traffic anonymously.

  4. FTP Service: Mimics a file transfer server, recording login or file download attempts.

  5. Port Scan Service: Detects when someone scans your machine’s ports to find active services.

  6. SSH Service: Simulates secure remote access to observe login attempts and brute-force attacks.

  7. MySQL Service: Mimics a MySQL database, useful for spotting scans and SQL injection attempts.

  8. Redis Service: Simulates a Redis key-value database, often targeted for malicious use.

  9. SIP Service: Simulates a VoIP (SIP) telephony server to detect fraud or scans.

  10. TFTP Service: Simulates a lightweight file transfer service, often used by network equipment.

  11. Telnet Service: Mimics an old remote access protocol, often targeted by IoT malware.

  12. MSSQL Service: Simulates a Microsoft SQL Server to detect exploitation attempts.

  13. VNC Service: Mimics a remote graphical desktop control service.

  14. Poisoning Detector: Monitors attempts to maliciously manipulate network protocols (e.g., ARP spoofing).

  15. NTP Service: Simulates a time synchronization server, often abused in amplification DDoS attacks.

  16. SNMP Service: Simulates a network management service for devices, often targeted for sensitive info gathering.

  17. RDP Service: Simulates a Windows Remote Desktop to detect brute-force and suspicious connections.

  18. GIT Service: Simulates an accessible Git repository to see if attackers try to extract data.

  19. TCP Banner Service: Provides a custom banner on a TCP port to record who connects.

  20. SMB Service: Simulates Windows file sharing (SMB), often targeted by ransomware.
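To make the "listen on a port and record who connects" idea concrete, here is a minimal TCP banner listener written for this page as an added example; it is not HelloHacker's code. The class and function names, the banner text and the event fields are all assumptions chosen for illustration.

```python
import json
import socket
import socketserver
import threading
from datetime import datetime, timezone
BANNER = b"220 FTP server ready\r\n"  # constructed sample banner
MAX_CAPTURE = 256  # bytes of client input kept per connection

class BannerHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3.0)  # do not let idle clients pin a thread
        self.request.sendall(self.server.banner)
        try:
            data = self.request.recv(MAX_CAPTURE)
        except OSError:  # timeout or reset: still record the connection
            data = b""
        self.server.record(self.client_address, data)

class BannerHoneypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True
    def __init__(self, addr, banner=BANNER):
        super().__init__(addr, BannerHandler)
        self.banner, self.events, self._lock = banner, [], threading.Lock()

    def record(self, peer, data):
        event = {"ts": datetime.now(timezone.utc).isoformat(),
                 "src_ip": peer[0], "src_port": peer[1],
                 "dst_port": self.server_address[1],
                 # json.dumps escapes CR/LF, so client input cannot split a log line
                 "first_bytes": data.decode("latin-1")}
        with self._lock:
            self.events.append(event)
        print(json.dumps(event), flush=True)

def start_background(host="127.0.0.1", port=0):
    """Serve on a daemon thread; port 0 lets the OS pick a free port."""
    srv = BannerHoneypot((host, port))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(host, port, payload):
    """Constructed test client: read the banner, send payload, wait for close."""
    with socket.create_connection((host, port), timeout=5.0) as s:
        banner = s.recv(1024)
        s.sendall(payload)
        while s.recv(1024):
            pass
        return banner
```

Each connection produces one JSON line with the source address, the destination port and the first bytes the client sent, which is the kind of record an alerting pipeline can key on.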

Beyond these services, there are also Features that can be selected and added to your product’s configuration. These include:

  1. WAN Mode – Configures the HackTrap device to detect intrusion attempts coming from a WAN port.

  2. Scanback Enabled – Launches a scan against the IP address that triggered the alert, in order to immediately gather more information about the possible attacker.
