I recently installed an instance of TPot Honeypot, and it looks and feels pretty fantastic.

I haven’t opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, matrix chat, wireguard, etc) be exposed to it.

I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I’m not using, and that I’m essentially trying to make a fancy IDS, however I have a couple questions.

  1. Is it possible to add custom ports for honeypots that aren’t included in the project? For example, if I have a game running on port 4567 and there is no honeypot for that, I won’t see any activity.

  2. Is there another (perhaps lighter) Honeypot that you guys would recommend?

Edit: I guess disregard. I realize now that I can’t have honeypots running on the same ports as the services in which I’m wanting to monitor. Port forwarding from WAN to multiple devices using the same port won’t work

  • PM_Your_Nudes_Please@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Glad you figured your edit out before you got too deep. Yeah, port forwarding is a tricky beast, because there’s no “good” way to do it. Either you have open ports exposed to the internet, or you have everything bouncing off of a third-party service. Neither option is great.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 months ago

    The T-Pot installation needs at least 8-16 GB RAM, 128 GB free disk space

    Good lord.

    And fuck curl-bash script installers.