Administration Guide

Lure Settings

The lure settings will vary depending on the service. The character limits and requirements in FortiDeceptor may differ from the requirements implemented in the service.

Character restrictions and guidelines

Lure setting

Service

Requirements

Hostname

Windows: NBNSSpoofSpotter, SAP DISPATCHER

Maximum of 15 characters.

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-) and underscores (_) are supported.

Client Number

SAP DISPATCHER

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), commas (,), hyphens (-), underscores (_), and spaces are supported.

Database Name

MariaDB

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-) and underscores (_) are supported.

DICOM Listening Port

Medical

Enter a value between 1-65535. Default is 4242.

DICOM Server Name

Medical

Maximum of 16 characters.

Name cannot begin with a digit.

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-) and underscores (_) are supported.

Domain (optional)

Windows: NBNSSpoofSpotter

Alphanumeric characters (A-Z, a-z, 0-9) and periods (.) are supported.

DSN Description

Windows: ODBC lure

Maximum of 256 characters.

Alphanumeric characters (A-Z, a-z, 0-9), special characters (.-_!@(~)?:|+;*/"') and spaces are supported.

DSN Name

Windows: ODBC lure

Maximum of 32 characters.

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

ES Cluster Name

Elastic Search

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

ES Node Name

Elastic Search

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

FTP Banner

SCADAV3, Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

HTTP Listening Port

Ubuntu, Centos, Tomcat, EV2023

Enter a value between 1-65535.

  • Ubuntu, Centos: Default is 80.
  • Tomcat: Default is 9200.

HTTPS Listening Port

Ubuntu, Centos, Tomcat, EV2023

Enter a value between 1-65535.

  • Ubuntu, Centos: Default is 443.
  • Tomcat: Default is 9200.

HTTPS SSL Certificate

Ubuntu, Centos, Tomcat, EV2023

Optional. Upload using default settings is supported.

Certification ZIP Requirements:

  • The certificate and key file must have the exact same file names (excluding the extension).
  • The ZIP file must be "single-layer," containing only the two files without any sub-folders.
  • A trusted certificate is required for the Honeydocs token package to communicate with FortiDeceptor.
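
An added example (not part of the Fortinet guide or of FortiDeceptor): a pre-upload check for the two layout rules above. The function names and sample file names are assumptions made for illustration; the page does not name the expected file extensions, so none are enforced, and certificate trust is not checked.

```python
import io
import zipfile
from pathlib import PurePosixPath


def check_cert_zip(data: bytes) -> list:
    """Return a list of layout problems; an empty list means both rules hold."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]

    problems = []
    # "Single-layer": no directory entries and no path separators in any name.
    nested = [n for n in names if n.endswith("/") or "/" in n or "\\" in n]
    if nested:
        problems.append(f"sub-folder entries present: {nested}")

    files = [n for n in names if not n.endswith("/")]
    if len(files) != 2:
        problems.append(f"expected exactly 2 files, found {len(files)}")
        return problems

    # Same file name excluding the extension (compared case-sensitively).
    a, b = (PurePosixPath(n.replace("\\", "/")) for n in files)
    if a.stem != b.stem:
        problems.append(f"base names differ: {a.name!r} vs {b.name!r}")
    elif a.suffix.lower() == b.suffix.lower():
        problems.append("both files have the same extension")
    return problems


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}; used for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; the file names and contents are placeholders.
    samples = {
        "flat, matching names": {"decoy.crt": b"cert", "decoy.key": b"key"},
        "files inside a folder": {"certs/decoy.crt": b"cert", "certs/decoy.key": b"key"},
        "different base names": {"decoy.crt": b"cert", "server.key": b"key"},
    }
    for label, members in samples.items():
        print(label, "->", check_cert_zip(make_zip(members)) or "OK")
```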

Instance Name

SAP DISPATCHER

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), commas (,), hyphens (-), underscores (_), and spaces are supported.

Interval(sec)

Windows: NBNSSpoofSpotter

Enter a value between 60-3600.

Listening Port

ERP (CRM), POS, SAP Router, SAP DISPATCHER, TP-LINK, CWMP, ScadaBR, MariaDB, Elastic Search (HTTP)

Enter a value between 1-65535.

  • ERP (CRM), POS, and TP-LINK: Default is 80.
  • SAP Router: Default is 3299.
  • SAP DISPATCHER: Default is 3200.
  • CWMP: Default is 7547.
  • ScadaBR: Default is 9090.
  • MariaDB: Default is 3306.
  • Elastic Search (HTTP): Default is 9200.

Listening Port Over HTTPS

SAP WEB

Enter a value between 1-65535. Default is 443.

Location

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), periods (.), commas (,), underscores (_), and spaces are supported.

Module type

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

MQTT WEB port

VoIP

Enter a value between 1-65535. Default is 18083.

PACS Listening Port

Medical

Enter a value between 1-65535. Default is 80.

PACS System Name

Medical

Maximum of 16 characters.

Name cannot start with a digit.

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), and underscores (_) are supported.

Page title

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

Password

Windows: RDP & SMB, Ubuntu and Centos: SSH & SAMBA, RADIUS, NBNSSpoofSpotter

French Windows: RDP, SMB, MSSQL, HTTP/HTTPS, SMTP, FTP

GIT Users, ERP (CRM), Medical, POS, FortiGate, Cisco Router (Telnet/HTTP), HP Printer (HTTP), IP Camera (HTTP), Centos, SAP Router, SAP WEB, Brother MFC Printer (HTTP), Lexmark Printer (HTTP), TP-LINK

Maximum of 32 characters.

Alphanumeric characters (A-Z, a-z, 0-9) and special characters (- ! @ # $ (~) ^ & ? <> : | + ; * / , . " ' _ ) are supported.

The password is optional in GIT repository import.

Plant Identification

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

PLC name

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

Repository Name

GIT Users

Maximum of 100 characters.

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-) and underscores (_) are supported.

Serial number

SCADAV3

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

Serial number for ENIP

SCADAV3

Only digits (0-9) are allowed.

Sharename

French Windows: RDP, SMB, MSSQL, HTTP/HTTPS, SMTP, FTP

Windows: RDP & SMB, Ubuntu and Centos: SSH & SAMBA

Centos

This option is only available for SAMBA (Ubuntu) or SMB (Windows). Enter a Sharename between 3-63 characters.

Alphanumeric characters (a-z, 0-9) and hyphens are supported.

SID

SAP DISPATCHER

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), commas (,), hyphens (-), underscores (_), and spaces are supported.

SIP port

VoIP

Enter a value between 1-65535.

TCP Default is 5060, 5061.

UDP Default is 5060.

SMTP Banner

Windows, Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

SMTP Domain

Windows, Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), and hyphens (-) are supported.

SNMP

SCADAV3, Cisco Router (Telnet/HTTP), HP Printer (HTTP), IP Camera (HTTP), Brother MFC Printer (HTTP), Lexmark Printer (HTTP)

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-) and underscores (_) are supported.

SNMP Banner

SCADAV3, Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), underscores (_), and spaces are supported.

SSH Banner

Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

SSLVPN Bookmarks Name

FortiGate

Maximum of 15 characters.

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

Note: This option was removed from the fgtv2 DMZ model.

SSLVPN Bookmarks URL

FortiGate

Required field.

Alphanumeric characters (A-Z, a-z, 0-9), spaces, and special characters (-@#~?:./_=) are supported.

Note: This option was removed from the fgtv2 DMZ model.

SSLVPN Listening Port

FortiGate

Enter a value between 1-65535. Default is 10443.

TCP Banner

Windows: TCP Listener, Ubuntu, Centos

Alphanumeric characters (A-Z, a-z, 0-9), periods (.), hyphens (-), underscores (_), and spaces are supported.

TCP Listener

Windows: TCP Listener

Ubuntu, Centos

Separate multiple ports with a comma (,).

Telnet

SCADAV3

The Telnet username and password are the same as for ERP.

Token

GitHub repository import

Alphanumeric characters (A-Z, a-z, 0-9) and periods (.) are supported.

Update or Cancel

Windows: RDP & SMB, Ubuntu and Centos: SSH & SAMBA

Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.

URL

GitHub repository import

Required field.

Alphanumeric characters (A-Z, a-z, 0-9), spaces, and special characters (-@#~?:./_=) are supported.

Username

LINK Windows (FTP/NBNSSpoofSpotter/RDP/SMB/SMTP), Ubuntu and Centos (Elastic Search/FTP/GIT/HTTP/HTTPS/MariaDB/RADIUS/SAMBA/SMTP), CRM (ERP-WEB), FortiGate (SSLVPN), Brother MFC Printer (HTTP), Cisco Router (HTTP/Telnet), HP Printer (HTTP), HP Switch (HTTP), IP Camera (HTTP), Lexmark Printer (HTTP), TP-LINK Router (HTTP), Medical (B.BRAUN/FTP/HTTP/HTTPS/Telnet), POS (HTTP), SAP (HTTP), Schneider SCADAPack 333E (Telnet), Phoenix contact AXC 1050 (FTP)

Maximum of 32 characters.

Alphanumeric characters (a-z, 0-9), hyphens (-) and underscores (_) are supported.

Usernames should start with a letter or an underscore (_) and can end with a dollar sign ($).

Ubuntu and Centos (SSH), Medical (SSH)

Maximum of 32 characters.

Alphanumeric characters (a-z, 0-9), hyphens (-) and underscores (_) are supported.

Usernames should start with a letter or an underscore (_) and can end with a dollar sign ($).

XMPP WEB port

VoIP

Enter a value between 1-65535. Default is 5280.
