Hi!
I really like the idea of honeypots collecting data for swarm intelligence. But the focus on a Raspberry Pi, and a lack of documentation on how to use it in other environments, makes this project non-appealing to me:
Which traffic needs to be routed to the honeypot? (In case you also want to use the IP for different stuff)
How to connect to the honeypot if SSH is occupied by DShield? Which port can be used safely?
A Docker-Instruction (e.g. with a bridged Docker-Network) - as well as some words about the security impact of this method for security (e.g. kernel zero-days).
The more traffic is routed to the honeypot, the better. Ideally, all unsolicited inbound traffic should go to the honeypot. At least ports 22, 23, 80, 443, 2222, 2223, as these are some of the ports we have listeners on.
There is an SSH server listening on port 12222 that allows connections from IPs set during the install process (by default: your internal network).
Working on Docker/Terraform and other instructions like that.
Best regards! Thomas131
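An added sketch for the routing answer in this thread, not code from the DShield project: it generates a gateway-side nftables DNAT ruleset that sends only the listed listener ports to the honeypot, keeps any ports the shared IP still needs for other services, and refuses to forward the admin SSH port 12222. The Linux/nftables gateway, the function name `build_dnat_ruleset`, the table name `dshield_fwd`, the interface `eth0` and the address `192.0.2.10` are assumptions made for illustration.

```python
import ipaddress

# Ports named in the reply as having listeners; 12222 is the admin SSH port it mentions.
HONEYPOT_PORTS = (22, 23, 80, 443, 2222, 2223)
ADMIN_SSH_PORT = 12222


def build_dnat_ruleset(wan_if, honeypot_ip, ports=HONEYPOT_PORTS, keep_local=()):
    """Return nftables text that DNATs TCP `ports` arriving on `wan_if` to `honeypot_ip`.

    `keep_local` lists ports still used by other services on the same public IP;
    those are left out of the forward so the gateway keeps handling them.
    """
    ip = ipaddress.ip_address(honeypot_ip)
    if ip.version != 4:
        raise ValueError("this sketch emits an IPv4 ('ip') table only")
    # Interface names end up inside a quoted string, so reject anything unusual.
    if not wan_if.replace("-", "").replace("_", "").replace(".", "").isalnum():
        raise ValueError("unexpected characters in interface name")

    forward = sorted(set(ports) - set(keep_local))
    if not forward:
        raise ValueError("nothing left to forward")
    for port in forward:
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port}")
    # The admin listener is meant for the internal network only (per the reply),
    # so it must never be reachable through the internet-facing forward.
    if ADMIN_SSH_PORT in forward:
        raise ValueError("admin SSH port must not be forwarded from the WAN side")

    port_set = ", ".join(str(p) for p in forward)
    return "\n".join([
        "table ip dshield_fwd {",
        "    chain prerouting {",
        "        type nat hook prerouting priority -100; policy accept;",
        # No port after the address: the original destination port is preserved.
        f'        iifname "{wan_if}" tcp dport {{ {port_set} }} dnat to {ip}',
        "    }",
        "}",
    ])


if __name__ == "__main__":
    # Constructed sample: the shared IP keeps its own HTTPS service on 443.
    print(build_dnat_ruleset("eth0", "192.0.2.10", keep_local=(443,)))
```

The output can be reviewed and loaded with `nft -f`; the gateway's forward chain still has to permit the redirected traffic.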