G+_Volkan Paksoy Posted February 7, 2018 Share Posted February 7, 2018 Does anyone run a honeypot in their network? Is there any effective one that can run on a Raspberry Pi? Is it good enough a topic to cover in a KH episode? Link to comment Share on other sites More sharing options...
G+_Ben Reese Posted February 7, 2018 Share Posted February 7, 2018 isc.sans.edu - Using a Raspberry Pi honeypot to contribute data to DShield/ISC - SANS Internet Storm Center I've never tried it myself, but I listen to a daily podcast that talks about this one (daily security news talk, not daily DShield talk). I highly recommend the 5ish minute podcast and I'm a bit curious about their honeypot too. I agree that it would be a fantastic KH episode! Link to comment Share on other sites More sharing options...
G+_Gene Hill Posted February 7, 2018 Share Posted February 7, 2018 +1 SANS Internet Storm Center. I run a very generic honey pot that collects SSH login attempts on a RaspPi. I just route all port 22 traffic the Pi, and collect the logs and do analysis on them. I have over 2 years of data and typically get between 2000 and 15000 connection attempts daily. Link to comment Share on other sites More sharing options...
G+_Volkan Paksoy Posted February 8, 2018 Author Share Posted February 8, 2018 That's interesting. Never thought of opening it to the public Internet. I was thinking more of putting one behind the firewall to detect internal anomalies. Thanks Ben Reese for the podcast recommendation. I've subscribed to it. Link to comment Share on other sites More sharing options...
Recommended Posts