Question 1

How to set up Dockerpot for an SSH honeypot?

Accepted Answer

Install required packages with apt-get, copy honeypot scripts to /usr/bin, configure crond for cleanup, set up xinetd for port 22 service, and enable auditd logging as per the README. Create a base Docker image with a weak user account for attackers.

Question 2

Dockerpot vs Cowrie: which honeypot is better?

Accepted Answer

Dockerpot excels in isolation using Docker for safe, disposable environments, ideal for research. Cowrie is a more feature-rich SSH honeypot with built-in emulation and logging. Choose Dockerpot for containerized simplicity, Cowrie for out-of-the-box functionality.

Question 3

Can Dockerpot simulate a web server like Apache?

Accepted Answer

Yes, but it requires significant customization. You need to modify the xinetd configuration and iptables rules for HTTP ports, and create a container image with the web server software, as the default setup is SSH-focused.

Question 4

How to monitor logs in Dockerpot for attack analysis?

Accepted Answer

Logs are collected via auditd for system calls (check /var/log/audit/audit.log) and syslog for xinetd connections. Configure auditd rules to capture execve calls, and use the REMOTE_HOST variable to track attacker IPs in container logs.

Question 5

Is Dockerpot suitable for long-term deployment in a network?

Accepted Answer

It can be used for monitoring, but the manual cleanup and lack of built-in alerting make it better for short-term assessments or research. For sustained use, you may need to enhance logging and automation beyond the provided cron jobs.

Question 6

How to customize iptables rules in Dockerpot for different ports?

Accepted Answer

Edit the honeypot script to adjust iptables rules for desired ports or protocols. The README mentions customizing ports in the iptables rules to run services other than SSH, such as modifying the script to handle TCP traffic on alternative ports.

Dockerpot

What is Dockerpot?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions