
Yup. I have a honeypot on my home network that hits Twilio when it gets poked at. So the author at least got my phone to light up.



At least you know it's working!

But yeah, I echo the other commenter wanting to know more about how you set that up.


That sounds awesome, care to share a few more details?


I actually locked myself out except for console access, so some of this is from memory/Googling:

1. Connect Raspberry Pi to local LAN and get wifi set up (I VLAN wireless traffic, so I have it listening/connected to both)

2. Change iptables default policy to DROP

3. Add relevant ALLOW rules to make sure basic stuff like DHCP still works. I added an allow rule to talk to another machine that runs a PHP script that talks to Twilio

4. Spend about a week adding custom DROP rules for any normal broadcast traffic on your network (Bonjour, random auto-discovery stuff, etc)

5. If you have properly excluded everything "normal" you should be able to run "iptables -vL" about 24 hours apart and the packet count next to the INPUT chain policy will not have incremented (remember we have a default of DENY)

6. Add a final rule of 'iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "ZOMG: " --log-level 4'

7. Write a bash script to monitor syslog, parse the log, forward to the before-mentioned script on another host
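The log-parsing half of step 7, as an added example (this is not the commenter's script, which was never posted). It assumes the `ZOMG: ` prefix from step 6 and the standard `SRC=`/`DST=`/`PROTO=`/`DPT=` key=value fields that the iptables LOG target writes to syslog; `NOTIFY_URL` and the form-encoded `msg=` POST are hypothetical stand-ins for whatever the PHP-to-Twilio host on the other end actually expects. The sample syslog lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example: parse iptables LOG lines tagged "ZOMG: " and forward a short
# summary. Not the commenter's script; NOTIFY_URL and the "msg=" POST are assumed.

# Constructed sample syslog lines (not real captures).
HIT_TCP='Mar  3 12:00:01 honeypot kernel: [12345.678] ZOMG: IN=eth0 OUT= MAC=b8:27:eb:00:00:00:00:11:22:33:44:55:08:00 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54321 DF PROTO=TCP SPT=44444 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'
NOISE='Mar  3 12:00:02 honeypot dhclient[312]: DHCPREQUEST on eth0 to 192.0.2.1 port 67'
HIT_ICMP='Mar  3 12:00:05 honeypot kernel: [12349.000] ZOMG: IN=wlan0 OUT= SRC=203.0.113.9 DST=192.0.2.50 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1'
SAMPLE_LOG=$(printf '%s\n%s\n%s\n' "$HIT_TCP" "$NOISE" "$HIT_ICMP")

# field LINE KEY: print the value of " KEY=" in LINE (empty if absent).
# The leading whitespace in the pattern keeps DPT= from matching inside SPT=.
field() {
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# parse_hit LINE: if LINE carries the ZOMG prefix, print "src dst proto dport"
# and return 0; otherwise print nothing and return 1. ICMP has no DPT, so the
# last column becomes "-" instead of an empty field.
parse_hit() {
  case "$1" in
    *"ZOMG: "*) ;;
    *) return 1 ;;
  esac
  src=$(field "$1" SRC)
  dst=$(field "$1" DST)
  proto=$(field "$1" PROTO)
  dport=$(field "$1" DPT)
  printf '%s %s %s %s\n' "$src" "$dst" "$proto" "${dport:--}"
}

# count_hits: read syslog lines on stdin, print how many were ZOMG hits.
# Handy for the "did anything get through in the last 24h" check from step 5.
count_hits() {
  n=0
  while IFS= read -r l; do
    parse_hit "$l" >/dev/null && n=$((n + 1))
  done
  echo "$n"
}

# notify SUMMARY: forward one summary line to the host that talks to Twilio.
# NOTIFY_URL is an assumed setting; when it is unset we only print, so the
# script runs offline. iptables' --limit 2/min already caps the message rate.
notify() {
  if [ -n "${NOTIFY_URL:-}" ]; then
    curl -fsS --max-time 5 --data-urlencode "msg=$1" "$NOTIFY_URL" >/dev/null
  else
    printf 'would notify: %s\n' "$1"
  fi
}

# monitor: follow syslog and notify on every hit. Path is assumed; adjust to
# wherever the kernel LOG lines land on your system.
monitor() {
  tail -F "${SYSLOG:-/var/log/syslog}" | while IFS= read -r l; do
    s=$(parse_hit "$l") && notify "$s"
  done
}

# demo: run the parser over the constructed sample lines.
demo() {
  printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r l; do
    s=$(parse_hit "$l") && notify "$s"
  done
  printf 'hits in sample: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_hits)"
  return 0
}

demo
```

Running the file as-is prints the two summaries from the sample lines and a hit count of 2; `NOTIFY_URL=https://example.invalid/alert sh script.sh` would POST them instead. For live use, source the file and call `monitor` (or replace `demo` with it) so each new `ZOMG: ` line is summarized and forwarded as it arrives.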


Very smart!

Just my 2 cents, but I feel like there might be some commercial demand for something like this if you'd ever consider packaging it.


>I actually locked myself out

Hate it when that happens to me...every week.

