Honeypot as a Service, Hacker News

News

New honeypot finally can handle all traffic. We have also space to scale even more now. New proxy is even more helping to use that new architecture on background but not mandatory to do upgrade.

For now we are still in beta phase to be sure it’s stable but soon everything should be fixed and running smoothly.

New web brings bug fixing, better structure of web with new design, possibility to use MojeID and public data available to download.

New proxy v1.3 brings bug fixing, possibility to change log level and support of not only RSA keys.

The first improvements of the website and the proxy. Better installation manual, no root needed for the proxy, better logging, proxy available on PyPI.

The first potential users can now register and participate in our research project. Meanwhile, we will fine tune and improve the system, so it is possible that there will be short service outages.

What is a honeypot?

Honeypot is a special software which simulates an operating system and allows an attacker to log in via SSH or telnet and execute commands or download malware. Commands are recorded and used to analyze the behavior. Malware can be analyzed as well.

How does it work?

Volunteers interested in joining the research will register on this site and add the first device to get an identification token.

You install and run the HaaS proxy application, downloadable from our website , which forwards incoming traffic from port (commonly used for SSH) to the HaaS server, where Cowrie honeypot simulates a device and records executed commands.

Communication scheme during the session forwarding

Your computer stays safe because all communication is redirected to our server.

What do I get by joining the project?

You will contribute to the improvement of cyber security and preparedness for cyber attacks in the Czech Republic.

You will get interesting information about the attacks on your device.

How can I get involved?

Participation in the project is entirely voluntary. Just sign up, add a device and download and run the HaaS proxy application on your PC or server with Linux. In advance, thank you all for your participation in our research.

How do we use the data?

Analyzing the behavior of attackers will be used for further innovation of mechanisms in SSH honeypot and for the National CSIRT of the Czech Republic – CSIRT.CZ.