When it comes to setting up a honeypot and putting it online 24×7 one might consider the amount of money it is going to take. In this blog post I want to discuss the various options and their costs. Specifically, I am looking at cloud instances and my favourite Raspberry Pi. Any more inputs are more than welcome.
Recently people have been making use of cloud instances to setup honeypots a lot! To be honest that’s not a very bad option unless you dont’t have fixed monthly rentals. I have been running kippo and glastopf on a Digital Ocean droplet for the last 6 months and have had no problems so far. I took their 5$ a month plan and that’s the total fees involved. So for a year it comes down to around 12×5 = 60$. Additionally you get a 10$ credit in the beginning which rather makes it run free for two months. Then there’s a referral program which gives you 25$ for every registration via the referral link. All in all, you do save a lot if you run your pot on a Digital Ocean’s instance. However on the other hand, there are providers like amazon that undoubtedly would give you approximates very different from the 60$ a year scale. For instance if you get a t2.micro instance you’d be spending something like 9$ a month.
On the other hand if you decide to set up a raspberry pi honeypot you need additional infrastructure. Let me discuss them one by one. First, the PI itself is going to cost somewhere around 45$ but that’s a onetime investment. Then we need a separate internet connection for it, I tried running it on my home network but once you run a honeypot it sucks upon your bandwidth. I was barely able to browse through websites additionally there’s an added risk of compromise. However you can go for a minimal internet connection something like a 256kbps broadband plan. Additionally if you are setting up a pot like kippo or dionaea you would as well need a static IP. I tried running these pots on a dynamic IP by setting them as DMZ in my home router however the attack probes, although there, were very less as compared to the one I received on the pot with a static IP. Then there is an electricity cost consideration although it is only something like 1$~ per month, what is frustrating is since this charger is going to be used 24×7 chances are that it breaks down every 4 – 6 months. All in all without the cost of PI it comes down to around 13$ per month.
Now it may look like a straight forward decision to go for a cloud instance. However I have my reasons for running it on a PI. First, the costing of the instance I have discussed are the minimal ones which in real cases are only used to test the network and usually do not have a good performance, making installations can be a pain. Second today if I wish to use my raspberry pi for something else I can easily use a different memory card or better still I can just take a backup of the raw image (that’s how I have been making pi-pot distros) and then rewrite it when I want to use it as a honeypot. Additionally, I can carry the PI and even set it up at my office desk. Plus if you have ever owned a raspberry pi you’d back me up here, we enjoying playing around with it and I don’t need to give my credit card details to any website.
In summary, if you belong to an organization that supports such projects it might be wiser to get yourself a PI however if you are just starting out and wish to make you own deployment after all those experiments on a VM, a cloud instance maybe a better option. Oh! I almost forget, avoid deploying a 24×7 online honeypot on a VM for god’s sake.