There is a proposed standard from IETF standard from IETF called MUD that describes the connectivity functionalities a device can offer. This can help the honeypot mimic realistic devices directly from the specification.
Some devices issue a URL in an LLDP message, DHCP discover message and a DHCP request message (i.e., is a broadcast ).
The URL takes to a json formatted file that contains the specification (e.g., open ports, name of the device, manufacturer, etc.).
Here are some repos with MUD files:
https://mudfileservice.globalplatform.org/mud-files-database.php (NOTE: it will shut down the 8/8/2023)
https://iotanalytics.unsw.edu.au/mudprofiles.html
There is a proposed standard from IETF standard from IETF called MUD that describes the connectivity functionalities a device can offer. This can help the honeypot mimic realistic devices directly from the specification. Some devices issue a URL in an LLDP message, DHCP discover message and a DHCP request message (i.e., is a broadcast ). The URL takes to a json formatted file that contains the specification (e.g., open ports, name of the device, manufacturer, etc.). Here are some repos with MUD files: https://mudfileservice.globalplatform.org/mud-files-database.php (NOTE: it will shut down the 8/8/2023) https://iotanalytics.unsw.edu.au/mudprofiles.html