Question 1

How do I set up Conpot quickly with Docker?

Accepted Answer

Pull the Docker image from Docker Hub and run it using the provided quick install guide in the documentation, which simplifies deployment for testing purposes.

Question 2

What's better for ICS security: Conpot or a general honeypot like Dionaea?

Accepted Answer

Conpot is superior for ICS-specific threats due to its protocol emulation of Modbus and S7comm, whereas Dionaea focuses on broader network services like SMB or HTTP, making it less targeted.

Question 3

Which industrial protocols can Conpot emulate?

Accepted Answer

It supports common protocols such as Modbus, S7comm, and HTTP for device simulation, as listed in the key features, allowing coverage of typical ICS environments.

Question 4

How to create a custom template in Conpot?

Accepted Answer

Use the template development guides in the documentation, which involve editing XML-based files to define new device behaviors and responses.

Question 5

Is Conpot safe to run in a live production network?

Accepted Answer

No, it's designed as a honeypot for isolated or controlled environments to avoid attracting malicious traffic that could disrupt real industrial systems, as emphasized in its philosophy.

Question 6

How does Conpot handle log analysis for attackers?

Accepted Answer

It logs all interactions to files or databases, enabling security teams to manually review and analyze adversary TTPs, though it lacks built-in advanced analytics tools.

Conpot

What is Conpot?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions