Help Center Help Articles Community Design Center Tech Specs Large Project Assistance Professional Phone Support Contact Support
Store
User
Sign Up UniFi Site Manager
User User
Sign Up UniFi Site Manager
Help Center Help Articles Community Design Center Tech Specs Large Project Assistance Professional Phone Support Contact Support ui.com
Store

Links

UISP Help Articles UISP Carrier Platform

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
Back to Top
  1. Ubiquiti Support and Help Center
  2. UniFi
  3. Gateway & Routing

UniFi Gateway - Honeypot

Honeypot is a feature found in the Firewall & Security section of your Network application that listens on a specific IP address and helps discover malicious clients on the network.

Requirements

Available Options

Honeypot can be enabled on specific networks and will notify you when requests are made to its IP address. If there is a malicious client on the network, it will look for vulnerabilities by scanning open ports on the rest of the devices in the network. When it scans the Honeypot IP, a Security Detection will be shown in the System Log section.

I Got a Honeypot Security Detection. What Should I Do?

Determine which client was responsible for connecting to the Honeypot IP address. If this is a trusted client and the behavior is not intentional, then there may be a (malicious) program installed that is scanning the network.

Frequently Asked Questions

1. I have Honeypot enabled but I do not see any notifications.
Under normal circumstances, there will be no notifications shown in the System Log section. A notification will only be shown when a (malicious) client tries to connect to the Honeypot IP address.
2. How can I test the Honeypot feature?
Testing can be done by using the following command: 
curl x.x.x.x:21

Replace x.x.x.x with the honeypot IP.

Was this article helpful?
60 out of 75 found this helpful