I recently installed an instance of T-Pot Honeypot, and it looks and feels pretty fantastic.
I haven’t opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, Matrix chat, WireGuard, etc.) be exposed to it.
I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I’m not using, and that I’m essentially trying to make a fancy IDS; however, I have a couple of questions.
- Is it possible to add custom ports for honeypots that aren’t included in the project? For example, if I have a game running on port 4567 and there is no honeypot for that, I won’t see any activity.
- Is there another (perhaps lighter) Honeypot that you guys would recommend?
Edit: I guess disregard. I realize now that I can’t have honeypots running on the same ports as the services that I’m wanting to monitor. Port forwarding from WAN to multiple devices using the same port won’t work.
HOLY SHIT! That’s a long ass docker compose
820 lines, you weren’t kidding.
Glad you figured your edit out before you got too deep. Yeah, port forwarding is a tricky beast, because there’s no “good” way to do it. Either you have open ports exposed to the internet, or you have everything bouncing off of a third-party service. Neither option is great.
The T-Pot installation needs at least 8-16 GB RAM, 128 GB free disk space
Good lord.
And fuck curl-bash script installers.