I recently set up a Kippo honeypot, so let me show you how I got my DMZ ready for it. This step-by-step guide will walk you through how to achieve this. We will be using VMware ESXi 5.5, pfSense and the Kippo SSH honeypot.
Open up your vSphere Client
So here is an example network setup
Choose Virtual Machine
Create a Virtual Switch
Type in the Network Label
Now we have a DMZ
Now you can see above that I've dragged 2 VMs into this switch setup.
One is pfSense, the firewall
One is Kippo, the honeypot
So this is the DMZ done, but what about the rest?
As you can see, we have a WAN, a LAN and a DMZ
Set up the IPs
E.g. if your LAN is 192.168.5.0/24, then your DMZ needs to be on a different subnet, like 192.168.52.0/24
So we would set the DMZ IP as 192.168.52.1 and choose the /24
We now have an ESXi DMZ, and we have the DMZ configured on the pfSense firewall.
The last thing to do is set up the honeypot with a static IP in the DMZ range, so anything in the 192.168.52.X range (exclude the IP you set above for the DMZ)
Then set the honeypot's gateway to point to the static IP you set above as the DMZ
So here I am blocking access from the DMZ -> LAN
I am also blocking DMZ -> VPN network
Then the bottom rule is allow DMZ -> WAN, which gives the DMZ access out to the internet.
So at this point the DMZ can't contact the LAN, which is good, but the LAN can access the DMZ, which is fine and how we want it.
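The rule order described above matters because pfSense evaluates the rules on an interface from top to bottom and stops at the first match. The following is an added example, not part of the original post: it models the three DMZ rules and checks that the honeypot cannot reach the LAN or VPN, then shows what happens if the allow rule ends up on top. The VPN subnet, the honeypot IP and the function names are assumptions made for the illustration.

```python
import ipaddress

# LAN and DMZ subnets are the article's; the VPN subnet and host IPs are constructed.
LAN = ipaddress.ip_network("192.168.5.0/24")
DMZ = ipaddress.ip_network("192.168.52.0/24")
VPN = ipaddress.ip_network("10.8.0.0/24")      # assumed, not given in the article
ANY = ipaddress.ip_network("0.0.0.0/0")
HONEYPOT = "192.168.52.10"                     # constructed static IP in the DMZ

# Rules on the DMZ interface, top to bottom: (action, source, destination).
DMZ_RULES = [
    ("block", DMZ, LAN),
    ("block", DMZ, VPN),
    ("pass", DMZ, ANY),   # "DMZ -> WAN": any destination not blocked above
]
# Same rules with the pass rule dragged to the top by mistake.
MISORDERED = [DMZ_RULES[2], DMZ_RULES[0], DMZ_RULES[1]]


def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match is an implicit block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, source, destination in rules:
        if src in source and dst in destination:
            return action
    return "block"


def isolation_failures(rules, src, protected):
    """List protected networks in which at least one host is reachable from src."""
    return [
        str(net) for net in protected
        if any(evaluate(rules, src, str(host)) == "pass" for host in net.hosts())
    ]


if __name__ == "__main__":
    for name, rules in (("as described", DMZ_RULES), ("misordered", MISORDERED)):
        print(name, "-> reachable protected nets:",
              isolation_failures(rules, HONEYPOT, [LAN, VPN]))
        print(name, "-> internet:", evaluate(rules, HONEYPOT, "203.0.113.5"))
```

With the rules in the order described, the list of reachable protected networks is empty while the internet test address still passes; with the allow rule first, both the LAN and the VPN show up as reachable from the honeypot.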
And we have a honeypot!
Hopefully this has helped someone out there that has read this, please support the site and me by showing your support. Enjoy honeypotting.