Honeypot is a security feature designed to simulate listening ports across commonly targeted protocols within a controlled security environment.
These ports are not bound to any real application; however, they actively monitor connection attempts and trigger events when a remote host initiates communication with services that are intentionally unused.
Any node exhibiting suspicious or exploratory behavior (“overly curious”) is automatically blacklisted for a duration of three hours, and the incident telemetry is immediately reported to the DecisionIP central intelligence engine for correlation and reputation analysis.
- The honeypot feature is available on the left menu
Your Firewall > DecisionIP > Honeypot
- With the left widget, you can enable or disable the feature.
- The center widget displays the number of intentionally opened ports; these ports are listed in the central section.
- If attacks are detected, the right widget turns orange and shows the total number of attacks recorded during the 10-minute interval; a button allows you to view detailed statistics.[br]
- Using the “New Port” button, you can manually add additional honeypot ports.
- In the list, you can also remove ports to prevent conflicts with legitimate applications running on your Artica server.