Common Questions about StingBox HoneyPots.
Search, Scroll or Contact us for assistance.

How can I test/trigger HackerCam?

The StingBox HackerCam feature records a hacker's keystrokes and then sends those to you as a follow-up to the initial alert that your StingBox HoneyPot has been probed. To test this feature, you can pretend to be a hacker. A typical network intruder will have run an NMap scan on your network to identify interesting targets and will see the custom hostname you have given your StingBox and that it has open ports to probe with a password cracker. Both activities will trigger an initial StingBox Alert. The next step would be for the hacker to SSH to the StingBox. They will now know the IP address of the StingBox. You can copy this next step using any SSH program, like PuTTY for Windows or...

WebHook Alerts

To receive alerts via Webhooks, add the URL to which alerts should be sent on the "Alert Settings" page of your Dashboard. A request will be sent to that URL every time an alert is triggered (according to the configured severity). The request is always sent using the POST method, and its body contains JSON data about the alert. Each request is sent only once, with no retries if your server cannot process it. There are currently no restrictions on the protocol used, so you can use https or http. Here is an example of the JSON structure: Field Detail: severity: text information about the importance of the alert. The following are...
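Because each alert is POSTed once and never retried, a receiver should write the body to durable storage before it answers. The sketch below is an added example, not StingBox code: it assumes only the `severity` key named above, and the spool directory, port, size limit and sample values are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # assumed upper bound for one alert body


def spool_alert(body, spool_dir):
    """Validate one alert body and store it durably; return (status, detail)."""
    if len(body) > MAX_BODY:
        return 413, "body too large"
    try:
        alert = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return 400, "not JSON"
    # "severity" is the only field this page documents; other keys are kept as-is.
    if not isinstance(alert, dict) or not isinstance(alert.get("severity"), str):
        return 400, "missing severity"
    name = hashlib.sha256(body).hexdigest() + ".json"
    os.makedirs(spool_dir, exist_ok=True)
    # Write to a temp file, fsync, then rename: a crash never leaves a half alert.
    fd, tmp = tempfile.mkstemp(dir=spool_dir, suffix=".tmp")
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, os.path.join(spool_dir, name))
    return 200, name


class AlertHandler(BaseHTTPRequestHandler):
    spool_dir = "stingbox-spool"  # hypothetical directory

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            status, detail = 413, "bad length"
        else:
            status, detail = spool_alert(self.rfile.read(length), self.spool_dir)
        self.send_response(status)  # 200 is sent only after the alert is on disk
        self.end_headers()
        self.wfile.write(detail.encode())


if __name__ == "__main__":
    # Loopback bind for a local trial; port 8080 is an arbitrary choice.
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

A separate job can then forward the spooled files to a ticketing system or SIEM, so a failure downstream does not lose an alert that will not be sent again.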

SysLog Alerts

Network professionals can now receive StingBox alerts via Syslog. Currently, sending is performed only via the TCP protocol. To set up receiving alerts using syslog, you need to configure your server to receive such logs using the TCP protocol. Next, go to the StingBox website and open the alert methods management page. There you will see this new option at the bottom. To start receiving syslog alerts, specify here the IP address of the server to which the alerts will be sent, as well as the port used. Follow the format specified in this field: <ip>:<port> So if you did everything right and entered the correct address, you will receive alerts to this server....

Can I clear my list of hosts?

Please email support@stingbox.com and we can help you do this. Hosts will also automatically drop out of recent hosts in 24 hours.

How do I set up my StingBox?

Plug your StingBox into the power outlet and any open port on your network. Create an account and enter the code printed on your StingBox and your subscription code from your purchase. That’s it! More help is available at https://www.stingbox.com/setup/

How do I reset my password?

Click “account settings” and then complete the password reset form to reset your password. If you can't access your account, please email support@stingbox.com

I’d like to resell StingBox, do you have a program?

We work with MSPs, MSSPs, IT professionals, VARs, distributors, and solution providers in a variety of models - please email us at info@stingbox.com to start a conversation. We do not currently work with digital-only drop-shippers.

My StingBox is alerting me too often, how do I stop it?

You can change the alert settings from your dashboard. There are three categories of alert: Critical, Important and Informational. Each can be set with its own unique instructions for how and where to send alerts. You can also always disable any alert methods from your dashboard. You may also consider whitelisting specific IP addresses which cause excessive alerts (e.g. known vulnerability scanners).

How do I test my StingBox to make sure it is working?

Open any web browser on your local network and enter ftp://YOURSTINGBOXIP into the URL bar. You can find your STINGBOXIP on your dashboard. This will generate an alert for an attempted FTP scan.

Can StingBox really be helping me with such a low cost?

StingBox was designed to be a low cost solution to a tough problem, detecting if someone is snooping on your network. We are able to maintain low costs because of our Software as a Service model and our low cost hardware design.

If I have no alerts on my StingBox, am I guaranteed not to have been hacked?

No, StingBox is a honeypot, not a 100% guarantee you have not been hacked. If an attacker stays on a single host on your network, it is likely that StingBox will not detect the attacker (however, we may have detected the attacker when they were trying to compromise that first host). We suggest having endpoint security for the devices on your network in addition to the StingBox.

I’ve got a new device alert, what should I do?

If you recently connected a device to your network yourself (or someone on your network did), there is nothing to worry about, as it was an expected new device connection. If you can’t figure out what the new device is on your network or why it was installed (e.g. someone you don’t know is using your Wi-Fi connection), you may want to block the device (e.g. on your router).

Does StingBox stop hackers?

No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete Protection, Detection and Response plan which can stop hackers from winning this battle.

Has StingBox been penetration tested?

No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete Protection, Detection and Response plan which can stop hackers from winning this battle.

What information does StingBox collect? Where is it Stored?

StingBox collects and stores:

- Attack sessions from attackers (what they typed, how they interacted with the honeypot)
- IP address of your external network interface
- Open ports on your external network interface
- Names and MAC addresses of devices on your network which StingBox discovers with a network scan

This information is sent over an encrypted channel back to StingBox's cloud servers so you can review this information on your dashboard.

Does the StingBox device support Power over Ethernet (PoE)?

No, but we have tested an inexpensive adapter that we can recommend. POE Texas' Adapter can be purchased directly at POETexas.com or from Amazon. Note: It's important to order the Micro USB version. This adapter has also changed connectors since our initial purchase. You may want to consider the UCTronics adapter below. One of two of these POE Texas adapters we tested failed after 9 months. The other is still running since May of 2000. Full disclosure: The adapter failed while powering an alternative StingBox platform we were testing. The platform still works, but the POE doesn't. This isn't a sufficient data set to say for certain that the power supply was the cause of its failure. There...

Does StingBox support export to a SIEM?

Many customers have implemented SIEM integration through a periodic pull from our API (see the StingBox API Documentation). If this method does not work for you, please email us at support@stingbox.com and we can get things set up.

Can one StingBox have multiple IPs?

StingBox virtual currently does not support multiple network interfaces. If this is a feature you would like, please email support@stingbox.com with the request so we can track demand for this feature.

Do I have to put a unit on each VLAN?

No, as long as the StingBox is reachable by attackers, it will perform its honeypot functions. You may choose to deploy multiple StingBoxes on different segments of your network to create more possible points of detection.

Does StingBox scan across VLANs?

StingBox has support for multiple VLANs with a single subscription. Simply specify the IP ranges on your dashboard and the StingBox will do device discovery on all of your VLANs.

Static IP Instructions

You can assign an IP to StingBox by changing a file named “eth0.txt.unset” on the SD card of your StingBox. This file will only be on your SD card if your StingBox is running software version 1.59 or greater. If you have an older StingBox, you can obtain this by simply connecting your StingBox to a DHCP network for 10 minutes to download and install the update. Instructions for setting the IP on a physical StingBox can be found in the “eth0.txt.unset” file or below: Very Important: After you change the file according to instructions below, you will need to allow StingBox to boot with the new settings you have added. Then, you must wait 10 minutes to give StingBox time to load and...

How do I update my payment / credit card info?

You can change your payment details on your Stripe Dashboard. If you have a subscription through PayPal, or an invoice-based subscription, please email support@stingbox.com and we can update your info.

Why do you have a subscription model? I’d like to purchase a StingBox without a Subscription, is that possible?

We only offer StingBox through a subscription. Our subscription model makes StingBox a sustainable business. StingBox is a cloud-delivered subscription service with an optional hardware component. We continually add capabilities and features to StingBox (discovery scanning, open port alerts, HackerCam, etc.) and our dashboard and alerting services. Additionally, we provide extensive support for our customers. Information on DIY honeypots can be found here: https://www.techtarget.com/whatis/feature/How-to-build-a-honeypot-to-increase-network-security

Why isn’t the StingBox detecting some of the devices/hosts on my network?

StingBox does a best-effort scan of your network using ping and ARP-scanning approaches every 5 minutes. Please make sure you have waited 5 minutes for the StingBox to scan your network. Your network may be in different segments and, by default, StingBox is only able to scan the segment to which it is connected. You may configure custom discovery scanning ranges on your dashboard.

Other questions? Email us at support@stingbox.com