UniFi Gateway - Honeypot
Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.
Requirements
- A Next-Gen UniFi gateway or UniFi Cloud Gateway.
Available Options
Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.
I Got a Honeypot Security Detection. What Should I Do?
Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.
Frequently Asked Questions
curl x.x.x.x:21
Replace x.x.x.x with the honeypot IP.