Honeypots Interest

Comments

6 comments

  • Firewalla

    You are best to get a Raspberry Pi and implement something there. Doing everything on the Firewalla will be dangerous unless it is dedicated and not running your home/work network.

    2
  • Jake Zalesky

    I suggest looking into the SANS DShield honeypot; they have it available for download with some great setup write-ups and videos. I installed it on a Pi and have it running through the DMZ of the Firewalla.

    https://www.dshield.org/tools/honeypot/index.html

    1
  • Richard Sun

    This is exactly what I have done.

    I set up DShield on a Raspberry Pi Zero 2 W running Raspberry Pi OS Lite 64-bit, set the DMZ of my Firewalla Gold Plus to point to this Raspberry Pi, and added a block rule using the built-in DShield list on the Firewalla.

    I found that the information my honeypot submitted eventually led to hosts being added to the DShield list, and they were subsequently automatically blocked from trying to break in further.

    1
  • Richard Sun

    Here's a walkthrough on DShield that I found very helpful: https://medium.com/swlh/installing-dshield-honeypot-on-a-raspberry-pi-e10d967825b2

    You can then either look at /var/log/dshield.log or log in to your account at https://dshield.org/login.html to see what information was uploaded.

    Here's a screenshot of some of the information:

    2
  • Steven

    @firewalla - you mentioned that a setup using a Docker container would be dangerous on an existing production device (which I am in agreement with). I am interested in getting into the honeypot space. Have you considered allowing the modification of your products to be Docker-container-only for the use of honeypots? I.e., take a Purple, use Docker container methodologies to convert it to a supportable high-interaction honeypot, and place that within the network, isolated?

    0
  • Firewalla

    I believe we mean 'honeypots' are dangerous ... very, very dangerous running inside a container on your firewall.

    The reason is, containers are not as isolated as virtual machines, and virtual machines are not as isolated as physical machines.

    0