I recently installed an instance of TPot Honeypot, and it looks and feels pretty fantastic.
I haven't opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, matrix chat, wireguard, etc) be exposed to it.
I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I'm not using, and that I'm essentially trying to make a fancy IDS, however I have a couple questions.
-
Is it possible to add custom ports for honeypots that aren't included in the project? For example, if I have a game running on port 4567 and there is no honeypot for that, I won't see any activity.
-
Is there another (perhaps lighter) Honeypot that you guys would recommend?
Edit: I guess disregard. I realize now that I can't have honeypots running on the same ports as the services in which I'm wanting to monitor. Port forwarding from WAN to multiple devices using the same port won't work
Glad you figured your edit out before you got too deep. Yeah, port forwarding is a tricky beast, because there’s no “good” way to do it. Either you have open ports exposed to the internet, or you have everything bouncing off of a third-party service. Neither option is great.
Yeah, such a nightmare, lol. If I ever feel like hosting a honeypot I'll probably DMZ it or use a VPS or something, but I'm going to change gears on projects for now.