@d90: One (underused) option that may help in this case (unsure since I’m not sure what Nmap is keying on; chodonne’s answer may be what’s needed) is to use the personalities option for the honeypot:
Routing 10.0.10.0/24 to an anyip host with a “real/management” interface on 10.0.20.5 is just dandy.
But if you try to send a default route of 10.0.0.0/16 at the anyip interface, your management interface traffic will end up sucked into the honeypot as well, which is of course not ideal. :-/
Hi @zapsoda! Great question!
MHN is where CHN came from; we forked that project about 1.5 years ago and have been working to maintain it since then. In terms of project comparisons, I think the biggest difference is that CHN is based on Docker images for the server and individual honeypots, while MHN used custom scripts to install the software onto the local OS in a traditional manner.
So the CIF bit only works if you’re contributing to the STINGAR project, which is restricted to educational institutions only at the moment. :-/
OR if you run your own CIF instance for collecting data, but that would likely be overkill for a single instance. If it’s just a single CHN server, I would configure the logging and then pull the logs off somewhere convenient.