HaaS: Honeypot as a Service

en in code • 2 min read
Mind the age! Most likely, its content is outdated. Especially if it’s technical.

My team at CZ.NIC finally introduces a stable version of HaaS, Honeypot as a Service. Who knows Czech can read it in an official blog post (edit: English version). For non-Czech readers, CZ.NIC is mainly known for the Czech domain registry, but does much more. For example secure router called Turris, which had honeypot included a long time ago. We decided to provide honeypot for anybody, not just Turris owners.

What is a honeypot, exactly? The honeypot is a specialized application simulating an operating system and allows a potential attacker to log in (we support SSH only now) and do any command or download malware. It’s not easy to install such an application for ordinary users, and mostly it’s not very secure. We decided to do it for you. :-)

Unfortunately, still, it’s not super easy to join the project. At least now, you need to install only a tiny proxy. The proxy has to be there to know small but essential details: IP address of potential attackers. Without a proxy, we would know only the IP of our user, which is useless.

The collected data are used by our CSIRT.CZ team to inform owners of infected servers and computers by some botnet about the issue. Currently, the biggest source of the attacks to our users is coming from China, so we share our data with the security team in Taiwan. We plan to share data with other CERT/CSIRT teams as well.

If you want to join the project, you can do that on the page haas.nic.cz. Register a new account and install proxy (available as deb/rpm package, on PyPI or as simple tar). In case of interest in the analysis, we provide data on page with global statistics. Well, except passwords, because we experienced more than one oversight where the user logged into the honeypot…

You may also like

en Makefile with Python, November 6, 2017
en Fast JSON Schema for Python, October 1, 2018
en Deployment of Python Apps, August 15, 2018
cs Jasně, umím Git…, August 6, 2014
cs Checklist na zabezpečení webových aplikací, March 1, 2016

More posts from category code.
Do not miss new posts thanks to Atom/RSS feed.

Recent posts

cs Mami, tati, přejde to, December 9, 2023 in family
cs Co vše bychom měli dělat s dětmi?, November 24, 2023 in family
cs O trávicí trubici, November 7, 2023 in family
cs Na šestinedělí se nevyspíš, October 28, 2023 in family
cs Copak to bude?, October 20, 2023 in family