Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.
- A Next-Gen UniFi gateway or UniFi OS Console with an integrated Next-Gen gateway.
Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.
I Got a Honeypot Security Detection. What Should I Do?
Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.
Frequently Asked Questions
1. I have Honeypot enabled but I do not see any notifications.
Under normal circumstances, there will be no notifications shown in the System Log section. A notification will only be shown when a (malicious) client tries to connect to the Honeypot IP address.
2. How can I test the Honeypot feature?
Testing can be done by pinging the Honeypot IP address or by running a port scan.