Honeypots Interest

Comments

4 comments

  • Avatar
    Firewalla

    You are best get a raspberry pi and implement something there. Doing everything on the firewalla will be dangerous unless it is dedicated and not running your home/work network

    2
    Comment actions Permalink
  • Avatar
    Jake Zalesky

    I suggest looking into the SANS DShield honeypot they have available for download with some great setup write-ups and videos. I installed it on a Pi and have it running through the dmz of the firewalla.

    https://www.dshield.org/tools/honeypot/index.html

    1
    Comment actions Permalink
  • Avatar
    Richard Sun

    This is exactly what I have done.

    I setup DShield on a Raspberry Pi Zero 2 W running Raspberry Pi OS Lite 64 bit, set the DMZ of my Firewalla Gold Plus to point to this Raspberry Pi, and added a block rule using the built in DShield list on the Firewalla.

    I found that my Honeypot submitted information eventually led to hosts being added to the DShield list and was subsequently automatically blocked from trying to break in further.

    1
    Comment actions Permalink
  • Avatar
    Richard Sun

    Here's a walkthrough on DShield that I found very helpful --> https://medium.com/swlh/installing-dshield-honeypot-on-a-raspberry-pi-e10d967825b2

    You then can either look at /var/log/dshield.log or log into your account in https://dshield.org/login.html to see what information was uploaded.

    Here's a screenshot of some of the information:

    2
    Comment actions Permalink

Please sign in to leave a comment.