Whats New ?
* Converted all stand alone scripts to work with Honeyd.  We no 
longer intend to support the old stand alone scripts.

* honeyd-telnet.py: Implemented cd, apart from the ls and other 
scripts before.
* honeyd-ftpd.py: Implemented the FTP error messages
* honeyd-modbus.py: Almost the same as the old one
* honeyd-html.py: Most PLCs have "Statistics", "Diagnostics" pages 
with forms.  We implemented those as examples to users.  We also 
implemented a mechanism where the script mails the users when 
attackers access the page (right now, its commented).

A Few Words

* Intentionally, our scripts are written in a crude manner for two 
First, we want to  respect the copy rights of the PLC makers.  
Second, we want the users to modify the scripts as per their own 
needs, so that all Scada Honeynet deployments won't look the same.  
The intent is to give the users the tools and the methodology.

Because of the low awareness of SCADA security, if the user deploys 
the actual code, the attackers would easily be able to find that 
its a Honeynet by a simple Google search.

Installation and Usage
1. Install honeyd - www.honeyd.org.
2. Select an IP (say "IP") on your network thats not used.
3. You need to make sure that the traffic to that unused IP.  We 
used arp-sk (www.arp-sk.org) for our testing.  Here is the sample 
command line usage:  arp-sk -r -S IP -i eth1
4. Make honeyd config file: here is our sample config file

    create template 

    set template uptime 1728650 
    set template maxfds 35 
    add template tcp port 21 "python plc/honeyd-ftpd.py" 
    add template tcp port 23 "python plc/honeyd-telnet.py" 
    add template tcp port 502 "python plc/honeyd-modbus.py" 
    add template tcp port 80 "python plc/honeyd-html.py" 
    bind IP template 

5. Run honeyd.  Here is a sample command line: honeyd -i eth1 -d 
--disable-webserver  IP -f /etc/honeypot/honeyd.con