Common Questions about StingBox HoneyPots.
Search, Scroll or Contact us for assistance.

How can I test/trigger HackerCam?

The StingBox HackerCam feature records a hackers keystrokes and then send those to you as a follow-up to the the initial alert that your StingBox HoneyPot has been probed. To test this feature, you can pretend to be a hacker.  A typical network intruder will have run an NMap scan on your network to identify interesting targets and will see the custom hostname you have given your StingBox and that it has open ports to probe with a password cracker. Both acrtivities that will trigger an initial StingBox Alert.  The next step would be for the hacker to SSH the StingBox. They will now know the IP address of the Stingbox.  You copy this next step using any SSH program like Putty for Windows or...

Can I clear my list of hosts?

Please email support@stingbox.com and we can help you do this. Hosts will also automatically drop out of recent hosts in 24 hours.

How do I set up my StingBox?

Plug your StingBox into the power outlet and any open port on your network. Create an account and enter the code printed on your StingBox and your subscription code from your purchase. That’s it! More help is available at https://www.stingbox.com/setup/

How do I reset my password?

Click “account settings” and then complete the password reset form to reset your password. If you can't access your account, please email support@stingbox.com

I’d like to resell StingBox, do you have a program?

We work with MSPs, MSSPs, IT professionals, VARs, distributors, and solution providers in a variety of models - please email us at info@stingbox.com to start a conversation. We do not currently work with digital-only drop-shippers.

My StingBox is alerting me too often, how do I stop it?

You can change the alert settings from your dashboard. There are three categories of alert. Critical, Important and Informational. Each can be set with it’s own unique instructions for how and where to send alerts. You can also always disable any alert methods from your dashboard. You may also consider whitelisting specific IP addresses which cause excessive alerts (i.e. known vulnerability scanners)

How do I test my StingBox to make sure it is working?

Open up any web browser on your local network and enter ftp://YOURSTINGBOXIP into the url bar. Example ( You can find your STINGBOXIP on your dashboard. This will generate an alert for an attempted FTP scan attempt.

Can StingBox really be helping me with such a low cost?

StingBox was designed to be a low cost solution to a tough problem, detecting if someone is snooping on your network. We are able to maintain low costs because of our Software as a Service model and our low cost hardware design.

If I have no alerts on my StingBox, am I guaranteed not to have been be hacked?

No, StingBox is a honeypot, not a 100% guarantee you have not been hacked. If an attacker stays on a single host on your network it is likely that stingbox will not detect the attacker (however, we may have detected the attacker when they were trying to compromise that first host). We suggest having endpoint security for the devices on your network in addition to the StingBox.

I’ve got a new device alert, what should I do?

If you recently connected a device to your network yourself (or someone on your network did - nothing to worry about as it was an expected new device connection. If you can’t figure out what the new device is on your network or why it was installed (i.e. someone you don’t know is using your Wi-Fi connection), you may want to block the device (i.e. on your router).

Does StingBox stop hackers?

No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete, Protection, Detection and Response plan which can stop hackers from winning this battle. 

Has StingBox been penetration tested?

No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete, Protection, Detection and Response plan which can stop hackers from winning this battle. 

What information does StingBox collect? Where is it Stored?

StingBox collects and stores -Attack sessions from attackers (what they typed, how they interacted with the honeypot) -IP address of your external network interface -Open ports on your external network interface -Names and MAC addresses of devices on your network which StingBox discovers with a network scan This information is sent over an encrypted channel back to StingBox's cloud servers so you can review this information on your dashboard.

Does the StingBox device support Power over Ethernet (PoE)?

No, but we have tested an inexpensive adapter that we can recommend. POE Texas' Adapter can be purchased directly at POETexas.com or from Amazon. Note: It's important to order the Micro USB version. This adapter has also changed connectors since our initial purchase. You may want to consider the UCTronics adapter below. One of two of these POE Texas adapters we tested failed after 9 months. The other is still running since May of 2000. Full disclosure: The adapter failed while powering an alternative StingBox platform we were testing. The platform still works, but the POE doesn't. This isn't a sufficient data set to say for certain that the power supply was the cause of its failure. There...

Does StingBox support export to a SIEM?

Many customers have implemented SIEM integration through a periodic pull from our API. StingBox API Documentation If this method does not work for you, please email us at support@stingbox.com and we can get things set up.

Can one Stingbox have multiple IPs?

StingBox virtual currently does not support multiple network interfaces. If this is a feature you would like, please email support@stingbox.com with the request so we can track demand for this feature.

Do I have to put a unit on each VLAN?

No, as long as the StingBox is reachable by attackers, it will perform its honeypot functions. You may choose to deploy multiple StingBox on different segments of your network to create more possible points of detection.

Does StingBox scan across VLAN’s?

Stingbox has support for multiple VLANS with a single subscription. Simply specify the IP ranges on your dashboard and the sting box will do device discovery on all of your VLANS.

Static IP Instructions

There are two ways to set a Static IP. If your network uses DHCP to allocate IPs: You can designate a Static IP to be assigned to StingBox using the MAC Address of your StingBox.We record the MAC address of each StingBox during provisioning and testing.You can view your StingBox MAC address on the StingBox Dashboard after adding your StingBox to your dashboard using the Code on the bottom of each StingBox. If your network does not use DHCP: You can assign an IP to StingBox by changing a file named “eth0.txt.unset” on the SD card of your StingBox.This file will only be on your SD card if your StingBox is running software version 1.59 or greater.If you have an older StingBox, you can obtain...

How do I update my payment / credit card info?

You can change your payment details on your Stripe Dashboard Here. If you have a subscription through PayPal, or an invoice based subscription please email support@stingbox.com and we can update your info.

Why do you have a subscription model? I’d like to purchase a StingBox without a Subscription, is that possible?

We only offer StingBox through a subscription. Our subscription model makes StingBox a sustainable business. StingBox is a cloud-delivered subscription service with an optional hardware component. We continually add capabilities and features to StingBox (discovery scanning, open port alerts, hackercam, etc) and our dashboard and alerting services. Additionally, we provide extensive support for our customers. DIY honeypots information can be found here https://www.techtarget.com/whatis/feature/How-to-build-a-honeypot-to-increase-network-security

Why isn’t the StingBox detecting some of the devices/hosts on my network?

StingBox does a best-effort scan of your network using ping and arp-scaning approaches every 5 minutes. Please make sure you have waited 5 minutes for the StingBox to scan your network. Your network may be in different segments and, by default StingBox is only able to scan the segment upon which it connected. You may configure custom discovery scanning ranges on your dashboard.

Other Questions? email us support@stingbox.com