Seems like an awful lot of C for something that could be done with a 6-line shell script run by inetd.
edit: not to denigrate the effort, but this feels overkill for something as simple as telnet :-)
Most of it seems to be devoted to accurately reproducing the telnet negotiation protocol and providing the session with a secure chroot() jail.
[Comment removed by author]
What does it illustrate? That it can be done, or something else entirely?
I think it is a fun project. I always liked small tools written in C that do one thing well enough since you can use them and learn about the code in only a few minutes/hours.
An sshd equivalent of this would be interesting, I would deploy it on some of my VPSes and see what dictionaries my Chinese friends are using ;)
I never got around to it but thought about changing sshd code so that when PasswordAuthentication is not offered but the client sends a password anyway, that password is logged somewhere. (Brute-force tools tend to not respect the protocol.)
You asked for it, you got it: https://github.com/desaster/kippo
Thanks, but I was unclear. I don’t want to run dedicated honeypots. I just wanted to augment my production environment to indicate trends among attackers.
It seems that kippo has a fork which is more complete, named Cowrie: http://www.micheloosterhof.com/cowrie/. It’s very nice, it even converts the tty logs to asciinema. Thanks!