-
Notifications
You must be signed in to change notification settings - Fork 4
External services as honeypots
In RIoTPot, we can use external services, such as containerized applications, as additional honeypots. These services work next to RIoTPot and should not be exposed to the Internet but to an internal private network (e.g., loopback). Instead of facing the Internet, RIoTPot spawns proxies on demand that bridge outside connections to these services, preventing undesired behaviors (e.g., reverse shells) and capturing these ongoing connections. It is important to mention that RIoTPot can not control containers or other applications, but we include docker container examples that demonstrate possible scenarios.
Furthermore, RIoTPot proxies to adjacent services can be customized from the UI. Navigate to services and register your service - add the port in which the application is listening for connections and the network address (e.g., http:80). Once you have registered, you can add it to your instance. Finally, click on the proxy tick button to start transferring incoming connections to your service.