Question 1

How to set up MTPot on Ubuntu for detecting Mirai botnets?

Accepted Answer

Install Python 2.7, then use pip to install telnetsrv and gevent. Run MTPot.py with the provided mirai_conf.json sample config, and ensure the port is accessible to log attacker IPs and commands.

Question 2

MTPot vs Cowrie: which honeypot is better for telnet emulation?

Accepted Answer

MTPot is lighter and specifically tailored for IoT botnet telnet scanning with simple JSON configs, while Cowrie is more feature-rich, supporting SSH and telnet with extensive logging but higher complexity. Choose MTPot for focused, lightweight monitoring.

Question 3

Can MTPot work with Python 3 instead of Python 2.7?

Accepted Answer

No, MTPot explicitly requires Python 2.7 as per the README, and there's no official support for Python 3. This limits its use on systems where Python 2.7 is not available or secure.

Question 4

How to add custom commands to MTPot for new malware variants?

Accepted Answer

Edit the JSON config file to include new key-value pairs under 'commands', where keys are the expected botnet commands and values are the responses, ensuring they mimic /bin/busybox execution as noted in the README.

Question 5

Is MTPot still actively maintained by the developers?

Accepted Answer

The README update points to a new StrutsHoneypot project, indicating reduced focus on MTPot. Community contributions are encouraged, but active maintenance from Cymmetria appears limited.

Question 6

What are the common errors when running MTPot and how do I fix them?

Accepted Answer

A frequent error is the AttributeError in telnetsrv related to gevent.select. The README provides a temporary fix by modifying green.py to use Python's select module instead, though this requires manual intervention.

MTPot

What is MTPot?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions