A honeypot is an isolated physical computer or a virtual machine, the purpose of which is to be used as a way to detect, analyze and prevent unauthorized uses and network attacks by intentionally exposing itself. Honeypots usually contain data that appear legitimate and of value to the attackers. The attackers’ actions are closely monitored and can be used in order to prevent future attacks.

Our team has worked on some known honeypots including Conpot and Dionaea and we have extended their functionality.

Conpot is a known Honeypot that emulates industrial devices like Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs). Conpot is able to emulate Industrial protocols like Modbus, IEC-104 but also more common protocols like HTTP and FTP.

Dionaea is another known Honeypot. Its main usage is malware capturing. Malware runs in an isolated environment, so no damage to the actual network machine is done. Dionaea also provides emulation for protocols like MQTT and known SQL servers (like MySQL, MSSQL).