1

While I would like to contribute piping of logs from a home-deployed honeypot to the DSHIELD project using a Raspberry Pi, I am concerned that the additional exposure of the port to the internet would provide:

  1. A wider exposure surface
  2. An additional endpoint that attackers could potentially compromise, which they could then use as a pivot point to carry out loop-back attacks against other IoT or devices within the home network that may not have been exposed to the internet.

Would anyone be able to advise if the above additional risks are correct, and what would be a reasonable solution to place for a home network environment please?

George
  • 739
  • 1
  • 6
  • 22
  • There's no inherent danger to open ports per se; ports only do what the programs listening behind them can. – dandavis Oct 23 '17 at 11:24
  • The additional risks as a result were my question, actually. Identifying the extra risks would help us craft actionable plans to mitigate them. – George Oct 24 '17 at 01:46

1 Answer

2

A wider exposure surface

That is correct. If you have not opened any ports to the internet so far and you open one now, the direct consequence is a wider surface.

In my point of view the indirect consequences are much worse than that. Consider that you put a device on the internet that is meant to be attacked. And it will be. So the question is rather when than if it falls. And even though you are using e.g. the DSHIELD software, which is designed to be hacked, someone might break out of your "sandbox" at one point.

If someone compromises a host in the internal network, pivoting will be possible if he gains enough rights on the machine. So a secure approach using honeypots is to put them in a "DMZ" that has no connection itself to the inner circle of your network. In that way it's a lot less dangerous if it gets compromised.

Ben
  • 2,024
  • 8
  • 17
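One way to implement the DMZ segmentation the answer recommends on a Linux-based home router, as an added example that is not part of the original answer or of the DSHIELD project: an nftables ruleset that forwards a single port from the internet to the honeypot, lets the honeypot reach the internet (so it can still ship its logs to DSHIELD), and unconditionally drops anything from the honeypot segment towards the trusted LAN. The interface names (`wan0`, `lan0`, `dmz0`), the address ranges, the honeypot address and the exposed port number are all assumptions chosen for the example; substitute the values your own sensor actually uses.

```nftables
#!/usr/sbin/nft -f
# Added example: isolate a honeypot segment ("DMZ") from the home LAN.
# All names and addresses below are assumptions for illustration:
#   wan0      internet-facing interface
#   lan0      trusted home network, 192.168.1.0/24
#   dmz0      honeypot segment, 192.168.100.0/24
#   HONEYPOT  the honeypot host, 192.168.100.10
#   2222      the one TCP port exposed to the internet

flush ruleset

define WAN           = "wan0"
define LAN           = "lan0"
define DMZ           = "dmz0"
define LAN_NET       = 192.168.1.0/24
define DMZ_NET       = 192.168.100.0/24
define HONEYPOT      = 192.168.100.10
define HONEYPOT_PORT = 2222

table inet filter {
    chain forward {
        # Default deny: any flow not explicitly listed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # The key rule: the honeypot segment can never initiate traffic
        # into the LAN, whether or not the honeypot host is compromised.
        # It is placed before every accept so nothing can shadow it.
        iifname $DMZ oifname $LAN drop

        # Internet -> honeypot: only the single exposed port
        # (the address has already been rewritten by the DNAT rule below).
        iifname $WAN oifname $DMZ ip daddr $HONEYPOT \
            tcp dport $HONEYPOT_PORT ct state new accept

        # Honeypot -> internet: needed so the sensor can upload its logs.
        # If you know the collector's addresses and ports, restrict to them.
        iifname $DMZ oifname $WAN ip saddr $DMZ_NET accept

        # Trusted LAN -> internet, and LAN -> DMZ for administering the
        # sensor. Replies come back via the established,related rule only.
        iifname $LAN oifname $WAN ip saddr $LAN_NET accept
        iifname $LAN oifname $DMZ ip saddr $LAN_NET accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # Forward the exposed port from the public address to the honeypot.
        iifname $WAN tcp dport $HONEYPOT_PORT dnat to $HONEYPOT
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        # Outbound traffic from both segments leaves with the router's address.
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f <file>` and confirm the result with `nft list ruleset`. The isolation only holds if `dmz0` is a separate physical interface or a separate VLAN; a honeypot on the same switch and subnet as the rest of the house never passes through the forward chain, so the `drop` rule would never see its traffic.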