IoT Camera Honeypot Experiment

Dear all,

Greetings from Singapore. I am new to here but love the IPVM and community!!

I am as experiment for office R &D, I trying to setup IP camera Honeypot setup. Starting from simple home setup( no nvr/directly plug in router) to small office setup

(4 or 5 cam wired and wireless camera digital IP camera with HikVision NVR)

What is Objective?

1. Expose the vulnerabilities on IP camera to the attackers and "tempt them" attack the our camera setup

2. Monitor the traffic /IP activities using SPAN Port attached to Linux machine.

Is there is open source tools which analyses automatically the traffic pattern /IP apart from Wireshark. (just make life little easier!)

3. Advertise the our camera URL 's IoT search engine's like Shodan etc.

Grateful to answer /suggestions? Particularly on pointer 2 and 3.

The project is long term one and just started.

Thanks for you great support.


Expose the vulnerabilities on IP camera to the attackers and "tempt them" attack the our camera setup.

How? If you punch holes for well known ports and put a camera or a NVR on the other side, you will certainly get some automated attempts.

Though you might be disappointed to find that they are just brute force password lists, containing all the common default passwords and the most common chosen passwords. You may not see even a single buffer overflow or SQL injection attempt.

These bots have a lot of real estate to cover, and so they are like car thieves, unless they think there is something of exceptional value, they just try the quickest stuff and move on.

If you leave the default password in place, then they will add a sushi or some other way to get back in and maybe a DOS listener and get out until they want to DDOS somebody.

Cameras and NVRs are strange targets, because since on the one hand having someone being able to view our home secretly would be terribly violating but on the other it has almost 0 commercial potential, besides DDOS.

Is there open source tools which analyses automatically the traffic pattern /IP apart from Wireshark. (just make life little easier!)

Well your Linux distro will have tcpdump and you can try Cloudshark.

Anyway, why go thru the hassle of setting up cameras, just make a software only honeypot. Then you can masquerade as any camera or device or firmware version you want.

Related: How To Write An RTSP URL Honeypot...

Thanks for your quick reply... Got the info. Actual harware(IP camera's) honeypot is the requiment. It should be high interactive as well.

I agree it is a challenge to attract the attackers. One thinking, expose and advertise in IoT search

engines like Shodan or Inseccamera.org or similar sites..

or playing a fake video of high profile /secure place is also one more options to attract the attackers. Any thoughts..in this regard is useful.

Cheers!