Dynamic Port Honeypot Overview

What is Dynamic Port Honeypot?

The dynamic port honeypot function is a deception trap. It uses a real port as a bait port to induce attackers to access the network. In the horizontal penetration scenario, the function can effectively detect attackers' scanning, identify faulty servers, and protect real resources of the user.

You can enable the dynamic port honeypot using recommended ports or user-defined ports to deceive compromised servers and reduce the risk of resources intrusion. Figure 1 shows how the dynamic port honeypot works.

**Figure 1** Dynamic port honeypot protection

Figure 1 Dynamic port honeypot protection

How Do I Use Dynamic Port Honeypot?

Figure 2 shows the process of using the dynamic port honeypot.

**Figure 2** Process of using the dynamic port honeypot

Figure 2 Process of using the dynamic port honeypot

Table 1 Process of using the dynamic port honeypot

Operation

Description

Creating a Protection Policy for a Dynamic Honeypot Port

Enable the server port of dynamic port function, configure the source IP address whitelist, and bind the protected server.

Viewing and Handling Honeypot Protection Events

The dynamic port honeypot function reports an alarm when a potentially compromised server proactively connects to a honeypot port. You can handle the alarm based on service requirements.

Constraints and Limitations

  • Dynamic port honeypots apply only to servers that are not bound to EIPs.

  • Dynamic port honeypots are available only in HSS premium, web tamper protection, and container editions.

  • To use the dynamic port honeypots, ensure that the agent installed on the server falls within the following ranges. For more information, see Upgrading the Agent.

    • Linux: 3.2.10 or later.

    • Windows: 4.0.22 or later.

last updated: 2024-12-20 12:17 UTC - commit: b388aa84bdc22cbf164091ddd381853374abb2d1