Port honeypot


The Port honeypot module opens fake services on 100 random ports that have no active service running, so it won’t stop an active service.
These fake services mimic open ports, so if someone is probing for an open port to exploit, their IP address will be challenge listed.

IP forwarding

If IP forwarding is enabled, the Port Honeypot module can’t start because it doesn’t know which ports it can use and which it can’t.
The Port honeypot module will not start if:

  - The server’s uptime is less than half an hour.
  - The server has IP forwarding enabled (the server is a proxy).
  - PCI compliance mode is enabled in the agent.
  - The agent does not have the correct access.
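
A pre-flight check for the first two conditions in the list above, as an added example that is not BitNinja's own code. It assumes "IP forwarding" means the Linux `net.ipv4.ip_forward` setting; the function names are this example's own, and PCI compliance mode and agent access are not checked because the page does not say how to query them.

```bash
#!/usr/bin/env bash
# Added example (not BitNinja code): checks uptime and IP forwarding only.
# Assumption: "IP forwarding" refers to /proc/sys/net/ipv4/ip_forward.
MIN_UPTIME_SECONDS=1800   # "half hour" from the list above

# uptime_ok FILE: 0 if uptime in FILE (/proc/uptime format) >= 30 min, 1 if less, 2 if unreadable
uptime_ok() {
    local secs
    [ -r "$1" ] || return 2
    read -r secs _ < "$1" || [ -n "$secs" ] || return 2
    secs=${secs%%.*}                              # "1234.56" -> "1234"
    case "$secs" in ''|*[!0-9]*) return 2 ;; esac  # reject non-numeric content
    [ "$secs" -ge "$MIN_UPTIME_SECONDS" ]
}

# ip_forward_off FILE: 0 if FILE holds 0 (forwarding disabled), 1 if enabled, 2 if unreadable
ip_forward_off() {
    local flag
    [ -r "$1" ] || return 2
    read -r flag < "$1" || [ -n "$flag" ] || return 2
    [ "$flag" = "0" ]
}

# port_honeypot_preflight [UPTIME_FILE] [FORWARD_FILE]: one line per failed condition, 0 only if both pass
port_honeypot_preflight() {
    local up=${1:-/proc/uptime} fwd=${2:-/proc/sys/net/ipv4/ip_forward} rc=0 st=0
    uptime_ok "$up" || st=$?
    case $st in
        0) ;;
        1) echo "FAIL uptime: server has been up for less than half an hour"; rc=1 ;;
        *) echo "FAIL uptime: cannot parse $up"; rc=1 ;;
    esac
    st=0
    ip_forward_off "$fwd" || st=$?
    case $st in
        0) ;;
        1) echo "FAIL ip_forward: IP forwarding is enabled"; rc=1 ;;
        *) echo "FAIL ip_forward: cannot read $fwd"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: uptime and IP forwarding conditions are met"; fi
    return "$rc"
}

# Check the live system only when asked to, e.g. `bash preflight.sh --live`
if [ "${1:-}" = "--live" ]; then port_honeypot_preflight; exit $?; fi
```

A failing result only explains why the module stays stopped; whether to turn off forwarding depends on whether the server really is acting as a proxy or router.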

Change the number of port honeypots

If you would like to run fewer/more honeypot services on your server, you can decrease/increase the number of honeypots in the Configuration menu.

  1. Open the Configuration menu on your BitNinja dashboard.
  2. Select the setting level on the left side. (server-level, server group-level, account-level)
  3. Change the value of the Random mine under the Port Honeypot module.
  4. Save the changes by clicking on the Apply button at the top.

Define ports NOT to use as a port honeypot

If you want to ensure BitNinja does not use a port as a port honeypot, you can define it in the config file.

  1. Open the Configuration menu on your BitNinja dashboard.
  2. Select the setting level on the left side. (server-level, server group-level, account-level)
  3. Select the Port Honeypot module.
  4. Under “Not used ports”, click on the “+ Add new” button.
  5. Enter the port number and save it.
  6. Click on the Apply button at the top.

Passive FTP ports

If an FTP client wants to use a port that is a BitNinja Port Honeypot, it’ll choose another passive port for the connection.
BitNinja will block the FTP connection only from challenge/block listed IP addresses.