The Port Honeypot module opens fake services on 100 random ports that have no active service running, so it never stops an active service.
These fake services mimic open ports, so if someone probes them while looking for an open port to exploit, their IP address is greylisted.
IP forwarding
If IP forwarding is enabled, the Port Honeypot module can’t start because it doesn’t know which ports it can use and which it can’t.
The Port Honeypot module will not start if:
- The server’s uptime is less than half an hour.
- The server has IP forwarding enabled (the server is a proxy).
- PCI compliance mode is enabled in the agent.
- The agent does not have the correct access.
Change the number of port honeypots
If you would like to run fewer or more honeypot services on your server, you can decrease or increase the number of honeypots in /etc/bitninja/PortHoneypot/config.ini
- Open the /etc/bitninja/PortHoneypot/config.ini file in your preferred text editor
nano /etc/bitninja/PortHoneypot/config.ini
- Add the below two lines to the file
[random_mines]
random_mines=99
- Specify the number of port honeypots after
random_mines=
- Save the changes and exit the text editor
In nano press ctrl + W
then press Y
then press enter
- Restart BitNinja with
service bitninja restart
Define ports NOT to use as port honeypot
If you would like to make sure BitNinja does not use a port as a port honeypot, you can define it in the config file.
- Open the /etc/bitninja/PortHoneypot/config.ini file with your preferred text editor, e.g.:
nano /etc/bitninja/PortHoneypot/config.ini
- Navigate to the [ports_never_use] section. You will need to add a line here
- Add a line that looks like this
ports[]=XX
where XX is the number of the port that we need to remove the port honeypot from
- Save settings and exit the editor
  - in nano editor press ctrl+x, then press Y, then press enter
- Restart BitNinja so the changes take effect. Use
service bitninja restart
Define ports as fixed port honeypots
- Open the /etc/bitninja/PortHoneypot/config.ini file with your preferred text editor, e.g.:
nano /etc/bitninja/PortHoneypot/config.ini
- Navigate to the [ports_always_use] section. You will need to add a line here
- Add a line that looks like this
ports[]=XX
where XX is the number of the port that you wish to use as a port honeypot
- Save settings and exit the editor
  - in nano editor press ctrl+x, then press Y, then press enter
- Restart BitNinja so the changes take effect. Use
service bitninja restart
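A pre-flight script for the start conditions and the two port lists described above, added here as an example and not BitNinja's own code. It covers only the uptime and IP forwarding conditions and flags ports that appear in both lists or are not valid port numbers. Assumptions: "IP forwarding" means the kernel's /proc/sys/net/ipv4/ip_forward flag, and all function names are illustrative.

```shell
#!/bin/sh
# Added example (not BitNinja code): pre-flight checks before a restart.
# File arguments default to the live paths; pass copies to test offline.

# Succeed if uptime (field 1 of /proc/uptime, in seconds) is >= 30 minutes.
uptime_ok() {
    awk '{ exit !($1 >= 1800) }' "${1:-/proc/uptime}"
}

# Succeed if IPv4 forwarding is off. Assumption: this kernel flag is what
# the "IP forwarding enabled" start condition refers to.
forwarding_off() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "0" ]
}

# Print the ports[]= values under one section. Usage: section_ports NAME FILE
section_ports() {
    awk -v want="[$1]" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == want); next }
        insec && /^[ \t]*ports\[\][ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t\r"]/, ""); print
        }' "$2"
}

# Print one line per problem; succeed only if none. Usage: lint_config [FILE]
lint_config() {
    cfg=${1:-/etc/bitninja/PortHoneypot/config.ini}
    never=$(section_ports ports_never_use "$cfg")
    always=$(section_ports ports_always_use "$cfg")
    problems=$(
        for p in $never $always; do
            case $p in
                ''|*[!0-9]*) echo "invalid port: $p" ;;
                *) [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || echo "out of range: $p" ;;
            esac
        done
        for p in $always; do
            for n in $never; do
                [ "$p" != "$n" ] || echo "conflict: $p is in both lists"
            done
        done
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}
```

Source the file and run `uptime_ok && forwarding_off && lint_config` before restarting BitNinja; any output from lint_config names the entry to fix.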
Passive FTP ports
If an FTP client wants to use a port that is a BitNinja Port Honeypot, it will choose another passive port for the connection.
BitNinja will block the FTP connection only from grey/blacklisted IP addresses.