Conpot should not depend on external service #520
Comments
|
We could also drop |
git blame led me to #40 (there's a commit linked in the issue). 😎 I'm all for removal if it's not needed. In the code it's only used in the We can always do a Scream Test, i. e. remove it and see if anyone screams. (I just now learned that that has a name. 😆) |
|
Yeah, this was from back in the day when we assumed people would setup sensors and contribute to the hpfeeds network :) |
|
I don't think @t3chn0m4g3 is using MySQL, he usually collects data using hpfeeds or structured logs IIRC |
|
@glaslos Correct, not using MySQL. WRT |
The SNMP protocol should not use a hardcoded server to fetch MIBs. In fact, downloads at runtime should probably be avoided altogether.
The offending lines are:
conpot/conpot/protocols/snmp/command_responder.py
Lines 62 to 64 in ff09e00
This has caused issues in the past (#516, possibly #510) when snmplabs.com went down (etingof/pysnmp#376) and will cause issues again if/when Cisco change anything with their FTP server.
Ideally we would bundle the MIB sources with the templates. There are various repositories that they can be sourced from, including net-snmp on GitHub, or even the Cisco server from above. But I do not know what this would involve license-wise or copyright-wise, so I hesitate to create such a PR.
The other option is to install an appropriate package via
apt(orpip?). There exists such a package for Fedora in net-snmp-libs (the MIBs are put in/usr/share/snmp/mibs/and get picked up by PySNMP), but I have failed to find one for Debian.The cop-out answer is to move the server path to the template or config file, but since we would presumably set a default, this would still lead to complaints once the default stops working.
The text was updated successfully, but these errors were encountered: