Introduction
In cybersecurity, understanding how attackers think is just as important as knowing how to defend systems. One powerful way to gain this insight is by deploying a honeypot. A honeypot deliberately exposed system designed to attract and log malicious activity.
In this article, I walk through how I launched my first honeypot server on AWS using Telekom Security’s T-Pot, a popular multi-honeypot platform used by researchers and professionals worldwide.
1. Launch an EC2 instance
To launch your EC2 instance, check my previous articles Running VMs in the cloud:AWS Virtualization for Beginners.
Please make sure your instance type and storage configuration align with the system requirements to launch a honeypot server.
2. Cloning Telekom Security T-Port Repository
Use the command "git --version" to check if git is installed
To clone the Repository, copy the command
" git clone https://github.com/telekom- security/tpotce "
3. Change into the tpotce/ folder
Use the command " ls ", and check if the tpot is already downloaded.
Use the command " cd tpotce " to change the directory to tpotce
directory
Use the command " ls " to view all the directories and files in the tpotce directory
4. Installing t-pot
Run the command " ./install.sh" to install t-pot
select 'y' to install
Select " h " for the install type
Enter your user name
Select "y" if your username is correct
Enter your password
Confirm your password
5. Change port to 64295
EC2 Home > Instances (running) > [Your Instance] > Security Tab > Security Group Link > Edit inbound rules.
Change the port range from 22 to 64294
Change the sources to my IP address
Add more rules, check the image below
Launching your honeypot
Open your IP address in your web browser
Thanks for reading
Top comments (0)