We are happy to announce that our developers officially released the port honeypot module. The port honeypot is a perfect way to fight against zero-day attacks and many of our customers are satisfied with it because the module catches and entraps hackers who attempt to break into or scan their servers making them aware of the incoming malicious traffic.
The module sets up 100 honeypots chosen randomly from the 1000 most commonly used ports and is able to detect malicious port scanning conducted by hackers.For example, it gets installed on a port where usually there should not be incoming legitimate traffic, although, all botnets will get lured by it. BitNinja will create logs from the encountered scannings so our clients will be able to see all of the port traffic in their user dashboard. Apart from its high sensitivity to deep scanning, we have chat scripts, which make the fake services even more realistic.
You can read more about the chat scripts and the configuration of the port honeypot module on our documentation site.
The following graph shows the effectiveness of the port honeypot module. It starts from March, the 9th week of 2016, and displays the growing effectiveness of the module. The numbers make it clear, that attacks caught by the honeypot now constitute almost half of all caught BitNinja incidents.
You can enable the port honeypot on your dashboard anytime you wish, or disable it if you feel you do not need it.