How to Create a Fake Telnet Honeypot on Cisco Router in GNS3 | Step-by-Step Guide
Introduction
In today’s cybersecurity world, deception technology such as honeypots plays a major role in detecting and studying attacker behavior. A honeypot is a fake service or system designed to lure hackers and log their activity. In this tutorial, we will set up a Fake Telnet Honeypot on a Cisco router in GNS3 using EEM (Embedded Event Manager) to generate alerts when attackers attempt to connect.
This is a powerful way to learn network security, ethical hacking, and Cisco IOS configuration while improving your practical skills for CCNA, CCNP, or Cybersecurity labs.
Prerequisites
- GNS3 installed on your computer
- Cisco IOS image (supports Telnet & EEM)
- Basic knowledge of Cisco CLI commands
⚙️ Configuration Steps
1. Enable Logging and Timestamps
service timestamps log datetime
logging buffered 10000
This ensures all attacker attempts are logged with exact time and stored in the router buffer.
2. Create a Fake Honeypot User
username honeypot privilege 1 secret HoneyPot123
This creates a dummy account attackers might try to log into.
3. Enable AAA Authentication
aaa new-model
aaa authentication login HONEY local
This defines a login method list named HONEY that authenticates against the router's local user database, so the honeypot user is checked on any line that uses the list.
4. Configure VTY Line for Honeypot
line vty 5
 transport input telnet
 login authentication HONEY
We assign vty 5 to listen for fake Telnet attempts.
5. Block Real Telnet Access
access-list 99 deny any
line vty 0 4
 access-class 99 in
This prevents attackers from reaching the real management lines (0–4).
6. Add EEM Applet for Alerts
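! Needed so IOS emits the LOGIN_SUCCESS syslog message that the applet matches
login on-success log
event manager applet LOG-HONEY-POT
 event syslog pattern "LOGIN_SUCCESS.*honeypot"
 action 1.0 syslog msg "HONEYPOT ALERT: ATTACKER TELNET ACCESS DETECTED!"
The applet watches syslog for a LOGIN_SUCCESS message that names the honeypot user, which IOS only emits when login success logging is enabled (login on-success log). EEM then automatically writes an alert to the logs whenever someone logs in with the honeypot account.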
✅ Testing the Honeypot
- Open a Telnet session to the router’s IP on port 23.
- Enter the honeypot credentials.
- Check the router logs:
show log
You should see:
HONEYPOT ALERT: ATTACKER TELNET ACCESS DETECTED!
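An added example, not part of the original tutorial: a Python script that pulls decoy-account logins out of saved `show log` output, counts them per source address, and flags logins that have no matching EEM alert. The log lines are constructed and assume the router's %SEC_LOGIN-5-LOGIN_SUCCESS message (the one the applet's pattern matches) carries [user: ...] [Source: ...] [localport: ...] fields; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample of `show log` output (not captured from a real router).
# The last decoy login deliberately has no matching alert line.
SAMPLE_LOG = """\
*Mar  1 00:04:10: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:05:12: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: honeypot] [Source: 192.0.2.50] [localport: 23] at 00:05:12 UTC Fri Mar 1 2002
*Mar  1 00:05:12: %HA_EM-6-LOG: LOG-HONEY-POT: HONEYPOT ALERT: ATTACKER TELNET ACCESS DETECTED!
*Mar  1 00:09:41: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 198.51.100.7] [localport: 23] at 00:09:41 UTC Fri Mar 1 2002
*Mar  1 00:11:03: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: honeypot] [Source: 192.0.2.50] [localport: 23] at 00:11:03 UTC Fri Mar 1 2002
*Mar  1 00:11:03: %HA_EM-6-LOG: LOG-HONEY-POT: HONEYPOT ALERT: ATTACKER TELNET ACCESS DETECTED!
*Mar  1 00:20:55: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: honeypot] [Source: 203.0.113.9] [localport: 23] at 00:20:55 UTC Fri Mar 1 2002
"""

# Assumed message layout: timestamp, facility-severity-mnemonic, bracketed fields.
LOGIN_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+%SEC_LOGIN-5-LOGIN_SUCCESS:.*?"
    r"\[user:\s*(?P<user>[^\]]+)\]\s*\[Source:\s*(?P<src>[^\]]+)\]"
    r"\s*\[localport:\s*(?P<port>\d+)\]"
)
ALERT_TEXT = "HONEYPOT ALERT: ATTACKER TELNET ACCESS DETECTED!"

def honeypot_logins(log_text, decoy_user="honeypot"):
    """Return (timestamp, source_ip, local_port) for each decoy-account login."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m and m.group("user").strip() == decoy_user:
            events.append((m.group("ts"), m.group("src").strip(), int(m.group("port"))))
    return events

def summarize(log_text):
    """Count decoy logins per source and compare them with EEM alert lines."""
    events = honeypot_logins(log_text)
    alerts = sum(ALERT_TEXT in line for line in log_text.splitlines())
    return {
        "sources": Counter(src for _, src, _ in events),
        "logins": len(events),
        "alerts": alerts,
        # Fewer alerts than logins means the EEM applet missed an event.
        "missed_alerts": max(len(events) - alerts, 0),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, count in report["sources"].most_common():
        print(f"{src}: {count} decoy login(s)")
    print(f"logins={report['logins']} alerts={report['alerts']} missed={report['missed_alerts']}")
```

A non-zero missed count is worth investigating, since it means a decoy login was logged without the applet firing.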
Why This Matters
- Protects your router by diverting attackers to fake services
- Helps you monitor malicious IPs trying to access your device
- Teaches valuable network security skills for real-world jobs
- Can be expanded into SSH honeypots, HTTP traps, or IDS/IPS labs
Conclusion
By setting up a Fake Telnet Honeypot on a Cisco Router, you not only learn about EEM, AAA, and access control but also gain insight into attacker behavior. This setup is perfect for labs, demonstrations, and security awareness training.
Stay tuned for more Cisco GNS3 security tutorials and honeypot configurations!

nice job