Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.

Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
As mentioned during our "Tech Tuesday" session, the session itself was not recorded. Instead, I will be releasing three "stand alone" videos covering the major parts of the workshop. The videos will be broken up into three parts: - Introduction. What is DShield and the Internet Storm Center (to be released later today). - Installing the honeypot. See blow for this video - Using the DShield / Internet Storm Center Data (to be released tomorrow) All videos will be available on our YouTube channel. The instructions from the hands-on exercises are available at https://isc.sans.edu/techtuesday . --- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute Twitter\| I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022	Johannes 4467 Posts ISC Handler Jun 25th 2020
Thread locked Subscribe	Jun 25th 2020 1 year ago
Hi Johannes, So I have the honeypot all setup and running from my LAN interface. I do have a Ubiquity USG, so I setup the LAN2 port on it and the honeypot is pulling an IP from the DHCP pool I configured. However, the status script is showing that it isn't being exposed to the Internet, and I can't ssh into it anymore. I created the firewall rule for all of this, but obviously I did something wrong. Since you specifically mention using a USG in the video, I assume that you have it working? If so, would you please share the firewall rules that you used so I can determine where I went wrong? Sincerely, Jon	Jon.Irish 4 Posts
Quote	Jun 25th 2020 1 year ago
I don't have a USG in front of me right now. But if I remember right, you configure two networks (e.g. 192.168.1.0/24 for LAN1 and 192.168.2.0/24 for LAN2). Next, you forward inbound traffic to the honeypot's IP via the Unifi admin interface's firewall setup. I found that interface to be a bit buggy at times. Best to log in to the USG via ssh and verify the firewall rules. If you configured the honeypot in a different network: you need to run the install script again to adjust the honeypot firewall rules for the new network configuration.	Johannes 4467 Posts ISC Handler
Quote	Jun 25th 2020 1 year ago
Thank you for putting on this presentation. I had tried unsuccessfully to set up the honeypot a few times in the past but because of your class I was able to get it working. I'm proud to now be able to contribute to your valuable cause.	mcox00941 1 Posts
Quote	Jun 26th 2020 1 year ago