UniFi Gateway - Honeypot

Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.

Requirements

A Next-Gen UniFi gateway or UniFi Cloud Gateway.

Available Options

Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.

I Got a Honeypot Security Detection. What Should I Do?

Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.

Frequently Asked Questions

Under normal circumstances, there will be no notifications shown in the System Log section. A notification will only be shown when a (malicious) client tries to connect to the Honeypot IP address.

Testing can be done by using the following command:

curl x.x.x.x:21

Replace x.x.x.x with the honeypot IP.

Was this article helpful?

Social

Company

Training

Tools