Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.

Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
As mentioned during our "Tech Tuesday" session, the session itself was not recorded. Instead, I will be releasing three "stand alone" videos covering the major parts of the workshop. The videos will be broken up into three parts: - Introduction. What is DShield and the Internet Storm Center (to be released later today). - Installing the honeypot. See blow for this video - Using the DShield / Internet Storm Center Data (to be released tomorrow) All videos will be available on our YouTube channel. The instructions from the hands-on exercises are available at https://isc.sans.edu/techtuesday . --- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute Twitter\| I will be teaching next: Defending Web Applications Security Essentials - SANS Paris June 2021	Johannes 4132 Posts ISC Handler Jun 25th 2020
Thread locked Subscribe	Jun 25th 2020 10 months ago
Hi Johannes, So I have the honeypot all setup and running from my LAN interface. I do have a Ubiquity USG, so I setup the LAN2 port on it and the honeypot is pulling an IP from the DHCP pool I configured. However, the status script is showing that it isn't being exposed to the Internet, and I can't ssh into it anymore. I created the firewall rule for all of this, but obviously I did something wrong. Since you specifically mention using a USG in the video, I assume that you have it working? If so, would you please share the firewall rules that you used so I can determine where I went wrong? Sincerely, Jon	Jon.Irish 4 Posts
Quote	Jun 25th 2020 10 months ago
I don't have a USG in front of me right now. But if I remember right, you configure two networks (e.g. 192.168.1.0/24 for LAN1 and 192.168.2.0/24 for LAN2). Next, you forward inbound traffic to the honeypot's IP via the Unifi admin interface's firewall setup. I found that interface to be a bit buggy at times. Best to log in to the USG via ssh and verify the firewall rules. If you configured the honeypot in a different network: you need to run the install script again to adjust the honeypot firewall rules for the new network configuration.	Johannes 4132 Posts ISC Handler
Quote	Jun 25th 2020 10 months ago
Thank you for putting on this presentation. I had tried unsuccessfully to set up the honeypot a few times in the past but because of your class I was able to get it working. I'm proud to now be able to contribute to your valuable cause.	mcox00941 1 Posts
Quote	Jun 26th 2020 10 months ago