Honeypots detect unauthorized attempts or attacks on a computer system. They are specifically designed to attract cyber attackers and record their activities – this can include:

1. Tracking the IP addresses from which they originate
2. Identifying their techniques, methods, and patterns
3. Detecting malware or harmful software
4. Recognizing levels of threat and types of attacks (such as phishing, denial of service, or viruses)
5. Identifying new vulnerabilities or exploits.

Tanner is a key component of the T-Pot honeypot system. Tanner acts as the ‘brain’ of the honeypot. It processes events captured by the honeypot, analyzes them, and decides how the honeypot should respond. Tanner’s function is to make the honeypot simulate the reactions of a real system when faced with different kinds of attacks or intrusions, making it more likely for attackers to interact longer with the honeypot, hence providing more valuable information.

Suricata is an open-source, high-performance Intrusion Detection, Prevention, and Network Security Monitoring engine. It is developed by the Open Information Security Foundation (OISF). Suricata is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.

Suricata inspects network traffic using a powerful and extensive rules and signature language, and has Lua scripting support for detecting complex threats. Its multi-threading capabilities allow it to use multiple cores effectively, and it can inspect both IPv4 and IPv6 traffic.

The term “Redishoneypot” seems to indicate a honeypot that deals with Redis instances. Redis is an open-source, in-memory data structure store used as a database, cache, and message broker. If unprotected Redis servers are exposed to the internet, they can be an easy target for hackers. A Redis honeypot would be designed to mimic a Redis server to lure attackers, allowing defenders to study their tactics and strategies.

NGINX Honeybot is one of T-Pot’s honeypots which emulates the NGINX web server. It behaves like an actual NGINX server to potential malicious actors, hence gathering intelligence about their activities, attack vectors, and techniques.

Medpot is a honeypot designed specifically to emulate medical devices to attract cyber attackers. It mimics a medical Picture Archiving and Communication System (PACS) to collect threat intelligence related to healthcare cyber attacks. Medpot is used as part of multi-honeypot platforms, such as T-Pot, to collect a wide range of threat intelligence on attempted attacks against medical systems.

Mailoney is a honeypot that is meant to emulate a mail server. It’s used to detect and log malicious SMTP (Simple Mail Transfer Protocol) traffic. By acting as a trap, it can collect valuable information about the techniques, procedures, and other details of a potential attacker targeting email servers. It’s one of many different types of honeypots that can be used to help enhance cybersecurity.

Ipphoney in T-Pot is a honeypot specifically designed for the IP telephony protocol SIP. A honeypot is a computer security mechanism set up to detect, deflect, or study attempts at unauthorized use of information systems. In the context of T-Pot, Ipphoney is used to analyze possible threats, attacks or probes arriving over the SIP protocol.

Honeytrap T-Pot is a comprehensive honeypot system developed by the German cybersecurity company, Deutsche Telekom. A honeypot is a computer security mechanism set up to detect, deflect, or study attempts at unauthorized use of information systems. T-Pot incorporates multiple honeypots with intrusion detection systems to cast a wider net for catching cyber threats. It provides detailed information about the attacks, including attack vectors or malware. This helps in better understanding potential threats and improving system security.

Heralding in T-POT (TelePot) is a function that alerts or signals the presence of a potential cybersecurity threat or intrusion. It is a term used in this cybersecurity tool to describe the process of gathering, interpreting, and reporting data pertaining to possible security breaches.

Glutton is a module in T-POT, a Python Automated Machine Learning tool. The Glutton module is used to consume the entire dataset and return all the unique label combinations. It is typically used for multilabel classification problems.

Endlessh is an open-source utility, often used in T-Pot (a honeypot platform), that creates a tarpit for SSH (Secure Shell) attacks. It opens a port and waits for attackers to connect to it. Instead of rejecting the connection, it sends back a very slow stream of harmless data, keeping the attacker occupied to reduce the risk of actual harm to the system. In T-Pot, it helps to analyze and catch these types of attacks for research and cybersecurity purposes.
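The tarpit behaviour described above, as an added sketch that is not Endlessh's own code and not from the original page: each held connection gets one short random line every few seconds and never a real SSH version string (RFC 4253 lets a server send lines before it, provided they do not start with `SSH-`). The `Tarpit` class, the 10-second delay, the client cap and port 2222 are assumptions chosen for illustration.

```python
import asyncio
import random
import time

def banner_line(rng):
    """One harmless line; hex text can never begin with 'SSH-'."""
    return b"%x\r\n" % rng.getrandbits(32)

class Tarpit:
    def __init__(self, delay=10.0, max_clients=64, seed=None):
        self.delay = delay              # assumed pause between lines, seconds
        self.max_clients = max_clients  # cap so the tarpit cannot be exhausted
        self.rng = random.Random(seed)
        self.active = 0
        self.sessions = []              # (peer, seconds_held, bytes_sent)

    async def handle(self, reader, writer):
        peer = writer.get_extra_info("peername")
        if self.active >= self.max_clients:
            writer.close()              # over the cap: drop instead of holding
            return
        self.active += 1
        start, sent = time.monotonic(), 0
        try:
            while True:                 # never send a real SSH version string
                await asyncio.sleep(self.delay)
                line = banner_line(self.rng)
                writer.write(line)
                sent += len(line)
                await writer.drain()    # raises once the peer has gone away
        except ConnectionError:
            pass
        finally:
            self.active -= 1
            self.sessions.append((peer, time.monotonic() - start, sent))
            writer.close()

async def main(host="127.0.0.1", port=2222):    # assumed listen address
    pit = Tarpit()
    server = await asyncio.start_server(pit.handle, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The `sessions` list is what a defender would ship to the log pipeline: which peer connected, how long it was held and how few bytes that cost.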

ElasticPot is a high interaction honeypot that can dynamically emulate a large number of services. It’s a type of cybersecurity tool.

Ddospot in T-Pot is a honeypot tool specially designed to simulate protocols targeted by Distributed Denial of Service (DDoS) attacks. This tool provides technical insights about the attacker, such as behavior and attack patterns. T-Pot is a system that includes Ddospot and various other honeypot tools pre-installed and ready-to-use for the purpose of detecting and analyzing cyberattacks.

Cowrie in T-Pot is a medium- to high-interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. It is used in T-Pot, a multi-honeypot platform, as one of the honeypots in its network to detect and respond to attacks. The data that Cowrie collects can be used for forensic investigations or anomaly detection.
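One way to turn the data Cowrie collects into a per-source triage report, as an added example that is not part of the original page or of Cowrie itself. It reads Cowrie's JSON event lines (field names `eventid`, `src_ip`, `username`, `password`, `input`); the sample events, the `triage` function, its tags and the threshold of 3 are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (documentation-range IPs), using Cowrie's JSON
# field names eventid, src_ip, username, password and input.
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"root","password":"123456"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"admin","password":"admin"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"root","password":"toor"}
{"eventid":"cowrie.login.success","src_ip":"198.51.100.7","username":"root","password":"root"}
{"eventid":"cowrie.command.input","src_ip":"198.51.100.7","input":"uname -a"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.9","username":"pi","password":"raspberry"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.9","usern
"""

def triage(lines, brute_threshold=3):
    """Group Cowrie events by source IP and tag what each source did."""
    stats = defaultdict(lambda: {"failed": 0, "success": 0,
                                 "users": set(), "commands": []})
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue                      # truncated or partial line: skip it
        if not isinstance(ev, dict) or not ev.get("src_ip"):
            continue
        s, eid = stats[ev["src_ip"]], ev.get("eventid", "")
        if eid == "cowrie.login.failed":
            s["failed"] += 1
            s["users"].add(ev.get("username", ""))
        elif eid == "cowrie.login.success":
            s["success"] += 1
            s["users"].add(ev.get("username", ""))
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input", ""))
    report = {}
    for ip, s in stats.items():
        tags = []
        if s["failed"] >= brute_threshold:
            tags.append("brute-force")        # many failed guesses
        if s["failed"] and s["success"]:
            tags.append("guessed-credentials")  # failures, then a hit
        if s["commands"]:
            tags.append("shell-interaction")  # typed commands after login
        report[ip] = {"failed": s["failed"], "users": sorted(s["users"]),
                      "commands": s["commands"], "tags": tags}
    return report
```

Calling `triage(SAMPLE_LOG.splitlines())` skips the truncated last line and tags the first source as a brute-force guess that succeeded and went on to run commands.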

Adbhoney in T-Pot is a honeypot service for the ADB (Android Debug Bridge) protocol. A honeypot is a decoy system that is intended to lure cyber attackers to prevent them from accessing the actual system. With Adbhoney, T-Pot can attract attackers who are attempting to exploit vulnerabilities in the ADB protocol, and then record their activities to understand their techniques and strategies. This helps to enhance the security measures in the actual system.

CitrixHoneypot is a module within T-Pot that emulates Citrix services, often used to bait and trap attackers targeting Citrix-associated vulnerabilities. It is designed to record, analyze and study incoming attacks and thus help in the development of robust security measures.

Dionaea is designed to capture and collect information on malware, exploits, and other potentially malicious activities. It can log and store the binary files or shellcodes used in an attack for further examination.

Conpot in T-Pot is a low-interaction server-side Industrial Control Systems (ICS) honeypot designed to be easy to deploy, modify and extend. It is used to attract and detect hackers and attackers who attempt to gain unauthorized control over ICS systems.

Read more: GitHub – telekom-security/tpotce: 🍯 T-Pot – The All In One Honeypot Platform 🐝

T-Pot offers docker images for the following honeypots …