From 5cb6666d7b465240a664347e6c270e101925f0ef Mon Sep 17 00:00:00 2001 From: anti Date: Fri, 10 Apr 2026 01:58:23 -0400 Subject: [PATCH] docs: Append bug ledger implementation plan to REALISM_AUDIT.md --- development/REALISM_AUDIT.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/development/REALISM_AUDIT.md b/development/REALISM_AUDIT.md index 118cc8e..21739fa 100644 --- a/development/REALISM_AUDIT.md +++ b/development/REALISM_AUDIT.md 
@@ -382,3 +382,22 @@ The following infrastructure gaps from the Bug Ledger have been successfully res * **#7 (IMAP/POP3):** Both services now implement full protocol state machines (authentication, selection/transactions, fetching) and serve realistic hardcoded bait payloads (AWS keys, DB passwords). * **#10 (MQTT):** The service now issues successful `CONNACK` responses, presents interactive persona-driven topic trees, and logs attacker `PUBLISH` events. * **#11 (Conpot):** Wrapped in a custom build context that correctly binds Modbus to port `502` using a temporary template overwrite, resolving the missing Modbus response issue. + +--- + +## Implementation Plan + +### Phase 3: Critical SMTP Data Handling (P0) +- **SMTP (`SMTP_RELAY.md`)**: Rewrite `templates/smtp/server.py` to buffer `DATA` blocks properly and respond to `DATA` termination with a legitimate `250 OK` queue ID. Accept all open relay behavior inherently without mandating `AUTH`. + +### Phase 4: High-Severity Protocol Fingerprint Fixes (P1) +- **HTTP**: Hijack Flask `after_request` to enforce the Apache `Server` header in `templates/http/server.py`. Rewrite the 403 response body with authentic Apache HTML. +- **FTP**: Update `templates/ftp/server.py` to overwrite Twisted FTP greeting banner to `vsFTPd`. Implement `FTPAnonymousShell` to serve fake files (tarball, db dump, credentials). +- **MSSQL**: Update `templates/mssql/server.py` to emit a valid length-fixed TDS 7.x pre-login payload to successfully pass the nmap probe. +- **MongoDB**: Update `templates/mongodb/server.py` to respond to the `OP_MSG isMaster` requests generated by modern `nmap` and MongoDB clients. + +### Phase 5: State & Realism Improvements (P2) +- **Redis**: Instantiate `_FAKE_STORE` dict with bait authentication tokens and JWT salts in `templates/redis/server.py` to return plausible data for `KEYS *`, `GET`, `SCAN`, etc. 
+- **Dynamic Nonces (SIP/VNC/Postgres)**: Use `os.urandom()` and `secrets` to dynamically generate salts/nonces per connection instead of hardcoded strings in `templates/postgres/server.py`, `templates/sip/server.py`, and `templates/vnc/server.py`. +- **K8s (Kubernetes API)**: Investigate TLS setup block for K8s API port `6443` dropping traffic, pending an actual solution (requires deeper analysis and likely a separate plan). +
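Review bot: The Phase 3 SMTP item ("buffer `DATA` blocks properly and respond to `DATA` termination with a legitimate `250 OK` queue ID" combined with "Accept all open relay behavior inherently without mandating `AUTH`") never says what happens to the accepted message after the `250 OK`. As written, someone implementing `templates/smtp/server.py` from this plan could reasonably forward the buffered message, which would turn the honeypot into a working open relay; the item should state explicitly that `DATA` is logged and discarded, never delivered, and that the queue ID is synthetic. The same one-line caveat belongs on the Phase 4 `FTPAnonymousShell` bait files and the Phase 5 Redis `_FAKE_STORE` tokens: the credentials and JWT salts served are fabricated bait and must not be valid against any real system. Minor: the section starts at "Phase 3" under "## Implementation Plan" with no pointer to where Phases 1 and 2 are recorded in REALISM_AUDIT.md; a short cross-reference would keep the plan readable on its own.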