Hugo van der Kooij

Honeypot

Discussion created by Hugo van der Kooij on Nov 23, 2018

For those of you who want to play a bit more with the various blades, I recommend you create an isolated network on your (test) firewall. On it you can install T-Pot as a honeypot farm.

Then start by NATing unused IP addresses to your honeypot farm and allow all traffic to hit the honeypot.

Most interesting is to see the differences in hits per day between Threat Prevention in detect mode and in blocking mode.

Also, once you have it open for a few days, have a look at shodan.io and see how they start to map your honeypot for you. That in turn probably results in more traffic.

[Image: T-Pot results]

I have a few IPs leading to this honeypot and they get hit from all over the globe:

[Image: World map]

T-Pot is a breeze to install and so much fun to bait. This way you can have more fun with your (test) firewall.
