UniFi Gateway - Honeypot

Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.

Requirements

Available Options

Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.

I Got a Honeypot Security Detection. What Should I Do?

Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.

Frequently Asked Questions

1. I have Honeypot enabled but I do not see any notifications.
Under normal circumstances, there will be no notifications shown in the System Log section. A notification will only be shown when a (malicious) client tries to connect to the Honeypot IP address.
2. How can I test the Honeypot feature?
Testing can be done by using the following command:
curl x.x.x.x:21

Replace x.x.x.x with the honeypot IP.

Was this article helpful?
160 out of 199 found this helpful