UniFi Gateway - Honeypot

Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.


Requirements

  • A Next-Gen UniFi gateway or UniFi OS Console with an integrated Next-Gen gateway.

Available Options

Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.


I Got a Honeypot Security Detection. What Should I Do?

Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.


Frequently Asked Questions

1. I have Honeypot enabled but I do not see any notifications.

Under normal circumstances, there will be no notifications shown in the System Log section. A notification will only be shown when a (malicious) client tries to connect to the Honeypot IP address.

2. How can I test the Honeypot feature?

Testing can be done by pinging the Honeypot IP address or by running a port scan.

Was this article helpful?
1 out of 2 found this helpful