Hi,
Anyone knows how do a Honeypot with Mikrotik? I read a old post here but its date from 2015 ( http://forum.mikrotik.com/t/honeypot-for-port-scanners-picks-up-google-dns/87656/1 ) and I haven’t clear how its works. If anyone could advice me something, thanks.
Regards.
A honeypot is just adding remote IPs to an address-list and denying every IP on that list from connecting to your port forwards. The remote IPs must meet some firewall criteria, such as attempting to create too many connections in a short period of time.
Some sample firewall rules are:
https://wiki.mikrotik.com/wiki/Drop_port_scanners
For your NAT connections, go to the advanced tab and set src-address-list !port_scanners
Thanks! I will test it 