
Honeypot as a Service - adamsurak
https://haas.nic.cz/
======
oefrha
> You install and run the HaaS proxy application, downloadable from our
> website

Said website is a GitLab repo without a release artifact in sight, so I guess
“downloadable” means you can download the source code, compile it yourself,
and figure out how to set it up on your own.

Sure makes it easy to join...

------
coderintherye
This is great, but why not join forces with Project Honeypot?
[https://www.projecthoneypot.org/](https://www.projecthoneypot.org/)

------
teruakohatu
If a honeypot is widely used, won't scammers just detect the honeypot? Or even
just detect latency from their connection being proxied elsewhere?

~~~
pfundstein
You are giving these script kiddies far too much credit.

The authors of the tools they use may try to implement honeypot detection, but
that's a fruitless cat & mouse game, and to what end?

Assuming "honeypot" based on latency is a fool's errand because many
legitimate things can induce latency.

------
PappaPatat
This submission is a better honeypot than the software link it points to. It
has not been updated (latest blog entry 19/02/2018, latest code release Jul 30
2018).

Honeypots are high maintenance, or easily detectable.

Better example (disclaimer, I might have had something to do with this when it
was being developed) is the DT Honeypot initiative.

Website:
[https://sicherheitstacho.eu/start/main](https://sicherheitstacho.eu/start/main)

Code (Deutsche Telekom AG Honeypot Project on 01 Apr 2019):
[https://dtag-dev-sec.github.io/](https://dtag-dev-sec.github.io/)

------
sytse
This is a great early detection mechanism for malware.

Providers like Crowdstrike
[https://www.crowdstrike.com/](https://www.crowdstrike.com/) already aggregate
results of malware scans for customers.

This is different because it is the National CSIRT of the Czech Republic and
because it is a honeypot, it will let the attacker use more commands.

------
waihtis
Self plug: founder at [https://www.avesnetsec.com](https://www.avesnetsec.com)
and launching something like this as a SaaS-offering very soon - doing limited
access trials right now and expect full launch in 4 weeks' time.

Some of the comments here around usability echo our early customer feedback
very much - which is why we want to be as smooth on the plug and play side as
possible.

------
gitgud
> "Your computer stays safe because all communication is redirected to our
> server."

Won't they see the packets hopping to other devices via a command like
'traceroute'?

~~~
imnotjames
Depends on what networking layer they're proxying. Layer 4 with something like
PROXY protocol and it's not as easy to tell.
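
Added example (not part of the thread and not HaaS's own code; the thread does not say whether HaaS uses PROXY protocol): how a honeypot backend sitting behind a layer-4 proxy could recover the original client address from a PROXY protocol v1 header, the text form defined by HAProxy. The function name and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # spec limit for a v1 header line, CRLF included

# Constructed sample: what the backend reads first on a proxied SSH connection.
SAMPLE = (b"PROXY TCP4 203.0.113.7 198.51.100.10 51544 22\r\n"
          b"SSH-2.0-OpenSSH_7.4\r\n")


def parse_proxy_v1(data: bytes):
    """Split a PROXY protocol v1 header off the start of a TCP stream.

    Returns (info, rest). info holds the original source and destination
    endpoints, or None for "PROXY UNKNOWN"; rest is the client payload.
    Raises ValueError on a malformed header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("no CRLF within the first 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ValueError("header is not ASCII") from None
    rest = data[end + 2:]
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("missing PROXY signature")
    if fields[1] == "UNKNOWN":
        return None, rest  # proxy could not determine the client address
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad protocol or field count")
    version = 4 if fields[1] == "TCP4" else 6
    # ip_address() itself raises ValueError on a malformed address
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol")
    ports = []
    for p in fields[4:6]:
        if not p.isdigit() or int(p) > 65535:
            raise ValueError("bad port")
        ports.append(int(p))
    return {"src": (str(src), ports[0]), "dst": (str(dst), ports[1])}, rest


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

A backend should accept this header only on connections that arrive from its own known proxies, since any client that can reach the port directly could otherwise claim an arbitrary source address.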

------
CoughlinJ
Last update, 2018. Cool.

