Berry Fruit

Raspberry Pi Honeypot Network

Intro

Our PiCyber Internship Team’s Pi Project has been slowing down over the past couple of weeks. However, since the Tech Jam, we have continued research on Raspberry Pis as honeypots, and we intend to continue this project through the semester to research the capabilities of a Raspberry Pi as a honeypot that can track activity on a modern network.

Analysis

We recently fixed our GEO IP map on our Modern Honeypot Server, which allows the computer to be located via geographical location by identifying the terminal’s IP address (we are still only using internal IPs at this time). During our final analysis, we came to the conclusion that Raspberry Pis present themselves as viable alternatives to consumer grade honeypot sensors because of their low prices, ease of use, and ability to be discreet. Deployments with Dionaea, although appearing limited, offer great flexibility through multiple port selections such as SQL, FTP, and HTTP. The project itself is a great way to obtain a copy of malware and monitor internal network traffic, helping organizations to better understand how internal resources are used.

Conclusion

We will be sharing our progress and findings in future blog posts throughout the coming months. If you have questions or comments about the project, you can leave a comment or contact the LCDI via Twitter @ChampForensics or via email at lcdi@champlain.edu.