Every so once in a while I get the notion to run a honeypot, but it doesn’t seem prudent for me to attract that much attention to my network. I can already see the traffic using ntopng, and pfsense/unbound/suricata/pfblockng and robust ruleset do all the heavy lifting. I block everything, then only allow what is absolutely necessary. If it were run solely on a small VPS or droplet, it’d be an interesting project, but I’m not sure I want to poke the bear that much on my local network.
Every so once in a while I get the notion to run a honeypot, but it doesn’t seem prudent for me to attract that much attention to my network. I can already see the traffic using ntopng, and pfsense/unbound/suricata/pfblockng and robust ruleset do all the heavy lifting. I block everything, then only allow what is absolutely necessary. If it were run solely on a small VPS or droplet, it’d be an interesting project, but I’m not sure I want to poke the bear that much on my local network.
You shouldn’t run a honeypot for any other reason than fun and research, but if you’re into either of those, go for it!