I recently installed an instance of TPot Honeypot, and it looks and feels pretty fantastic.
I haven't opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, matrix chat, wireguard, etc) be exposed to it.
I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I'm not using, and that I'm essentially trying to make a fancy IDS, however I have a couple questions.
-
Is it possible to add custom ports for honeypots that aren't included in the project? For example, if I have a game running on port 4567
and there is no honeypot for that, I won't see any activity.
-
Is there another (perhaps lighter) Honeypot that you guys would recommend?
Edit: I guess disregard. I realize now that I can't have honeypots running on the same ports as the services in which I'm wanting to monitor. Port forwarding from WAN to multiple devices using the same port won't work
HOLY SHIT! That's a long ass docker compose
820 lines, you weren't kidding.