https://community.checkpoint.com/t5/General-Topics/Honeypot/m-p/8109#M996 <HTML><HEAD></HEAD><BODY><P>For those of you who want to play a bit more with the various blades I recommend you create an isolated network on your (test) firewall. On it you can install&nbsp;<A href="http://dtag-dev-sec.github.io/mediator/feature/2017/11/07/t-pot-17.10.html">T-Pot</A>&nbsp;as honeypot farm.</P><P>Then start by natting unused IP addresses to your honeypot farm and allow all traffic to hit the honeypot.</P><P></P><P>Most interresting is to see the differences in hits per day between Threat prevention in detect mode and in blocking mode.</P><P></P><P>Also once you have it open for a few days have a look at shodan.io and see how they start to map your honeypot for you. That in turn propably results in more traffic.</P><P></P><P><IMG alt="T-Pot results" class="image-1 jive-image j-img-original" src="/legacyfs/online/checkpoint/74990_2018-11-23 13_04_15-RDS01 - rds01.ncc.qi.nl - Remote Desktop Connection.png" /></P><P></P><P>I have few IP's leading to this honeypot and they get hit from all over the globe:</P><P><IMG alt="World map" class="image-2 jive-image j-img-original" src="/legacyfs/online/checkpoint/74991_2018-11-23 13_06_36-RDS01 - rds01.ncc.qi.nl - Remote Desktop Connection.png" /></P><P></P><P>T-Pot is a breeze to install and so much fun to bait. This way you can have more fun with your (test) firewall.</P></BODY></HTML> Fri, 23 Nov 2018 12:08:30 GMT Hugo_vd_Kooij 2018-11-23T12:08:30Z https://community.checkpoint.com/t5/General-Topics/Honeypot/m-p/8109#M996 <HTML><HEAD></HEAD><BODY><P>For those of you who want to play a bit more with the various blades I recommend you create an isolated network on your (test) firewall. On it you can install&nbsp;<A href="http://dtag-dev-sec.github.io/mediator/feature/2017/11/07/t-pot-17.10.html">T-Pot</A>&nbsp;as honeypot farm.</P><P>Then start by natting unused IP addresses to your honeypot farm and allow all traffic to hit the honeypot.</P><P></P><P>Most interresting is to see the differences in hits per day between Threat prevention in detect mode and in blocking mode.</P><P></P><P>Also once you have it open for a few days have a look at shodan.io and see how they start to map your honeypot for you. That in turn propably results in more traffic.</P><P></P><P><IMG alt="T-Pot results" class="image-1 jive-image j-img-original" src="/legacyfs/online/checkpoint/74990_2018-11-23 13_04_15-RDS01 - rds01.ncc.qi.nl - Remote Desktop Connection.png" /></P><P></P><P>I have few IP's leading to this honeypot and they get hit from all over the globe:</P><P><IMG alt="World map" class="image-2 jive-image j-img-original" src="/legacyfs/online/checkpoint/74991_2018-11-23 13_06_36-RDS01 - rds01.ncc.qi.nl - Remote Desktop Connection.png" /></P><P></P><P>T-Pot is a breeze to install and so much fun to bait. This way you can have more fun with your (test) firewall.</P></BODY></HTML> Fri, 23 Nov 2018 12:08:30 GMT https://community.checkpoint.com/t5/General-Topics/Honeypot/m-p/8109#M996 Hugo_vd_Kooij 2018-11-23T12:08:30Z