What honeypot are you using?
Comment on [deleted]
Pika@sh.itjust.works 9 months ago
My security is fairly simplistic but I’m happy with it
- software protection
  - fail2ban with low warning hold
  - cert based login for ssh (no password auth)
  - drop all firewall
  - PSAD for intrusion/scanning protection (so many Russian scanners… lol)
  - wireguard for VPN to access local virtual machines and resources
  - external VPN with NordVPN for secure containers (yes, I know Nord is questionable, I plan to swap when my sub runs out)
- physical protection
  - luksCrypt on the sensitive data/program drive (I know there’s some security concerns with luksCrypt, bite me)
  - grub and BIOS locked with password
  - UPS set to auto notify on power outage
  - router with keep alive warning system that pings my phone if the lab goes offline and provides fallback DNS
IlIllIIIllIlIlIIlI@lemmy.world 9 months ago
Linguist@lemmy.world 9 months ago
Genuine question. What security concerns does luksCrypt have?
tofubl@discuss.tchncs.de 9 months ago
Could you please elaborate how you do the honeypotting?
Pika@sh.itjust.works 9 months ago
I just used fail2ban on the commonly used default ports such as 22, 21, etc. Any requests on those ports get sent into purgatory, so the IP gets blacklisted and any connections from it hang until they time out. It’s a super basic setup: iptables logs whenever a request is not in the current firewall (last rule in the chain), and then fail2ban reads the log and handles the block.
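
The log-then-ban flow described in the comment above, sketched in Python as an added example that is not part of the thread and not the commenter's configuration. The `HONEYPOT: ` log prefix, the one-hit threshold, the `ips_to_ban` helper and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: the last rule in the chain logs with this prefix, e.g.
#   iptables -A INPUT -j LOG --log-prefix "HONEYPOT: "
LOG_PREFIX = "HONEYPOT: "
TRAP_PORTS = {21, 22}   # default ports named in the comment
MAX_RETRY = 1           # assumed threshold: one hit on a trap port bans

# Plays the role of a fail2ban failregex: require the prefix, then
# capture the source address and destination port of the logged packet.
LINE_RE = re.compile(
    re.escape(LOG_PREFIX)
    + r".*?\bSRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=(?P<dpt>\d+)\b"
)

# Constructed, abbreviated kernel log lines (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:14:07 lab kernel: HONEYPOT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=22 SYN
Jan 10 03:14:09 lab kernel: HONEYPOT: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21 SYN
Jan 10 03:15:30 lab kernel: HONEYPOT: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33871 DPT=8080 SYN
Jan 10 03:16:02 lab kernel: OTHER: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=22 SYN
Jan 10 03:17:45 lab kernel: HONEYPOT: IN=eth0 OUT= SRC=192.0.2.5 DST=192.0.2.10 PROTO=TCP SPT=52200 DPT=22 SYN
Jan 10 03:18:00 lab sshd[811]: Connection closed by 203.0.113.50 port 60002
"""


def ips_to_ban(log_text, ignore=frozenset()):
    """Return the sorted source IPs that hit a trap port often enough to ban."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in TRAP_PORTS:
            continue   # other log source, or a port that is not a trap
        # A logged SYN can carry a forged source address, so trusted hosts
        # are skipped here, as fail2ban's ignoreip setting does.
        if m["src"] in ignore:
            continue
        hits[m["src"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= MAX_RETRY)


if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG, ignore={"192.0.2.5"}))
```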