Frequently Asked Questions
Search, Scroll or Ask Your Own Below
Could my use of StingBox be deemed a form of entrapment?
StingBox Honeypots are designed to be placed inside your own network. Not outside with an intent to bait anyone in. To our knowledge, no one has ever been prosecuted for entrapping the bad guys inside their own. Entrapment, by definition is “a law-enforcement officer’s or government agent’s inducement of a person to commit a crime, by means of fraud or undue persuasion, in an attempt to later bring a criminal prosecution against that person.”
Does StingBox HoneyPot violate privacy laws?
Privacy laws in the US may limit your right to capture data about an attacker, even when the attacker is breaking into your honeypot, but the exemption under Service Provider Protection is key. What this exemption means is that security technologies can collect information on people (and attackers), as long as that technology is being used to protect or secure your environment. In other words, these technologies are now exempt from privacy restrictions. For example, when StingBox captures the IP, MAC address and keystrokes entered by a hacker’s (and thus enable you to respond to) unauthorized activity. StingBox HoneyPot will most likely not be considered a violation of privacy as the technology is being used to help protect you or your organization, so it falls under the exemption of Service Provider Protection. Intentions matter. Honeypots that are used to protect an organization would fall under this exemption.
There are two ways to set a Static IP.
If your network uses DHCP to allocate IPs:
You can designate a Static IP to be assigned to StingBox using the MAC Address of your StingBox.
We record the MAC address of each StingBox during provisioning and testing.
You can view your StingBox MAC address on the StingBox Dashboard after adding your StingBox to your dashboard using the Code on the bottom of each StingBox.
If your network does not use DHCP:
You can assign an IP to StingBox by changing a file named “eth0.txt.unset” on the SD card of your StingBox.
This file will only be on your SD card if your StingBox is running software version 1.59 or greater.
If you have an older StingBox, you can obtain this by simply connecting your StingBox to a DHCP network for 10 minutes to download and install the update.
Instructions for setting the IP on a physical StingBox can be found in the “eth0.txt.unset” file or below:
Very Important: After you change the file according to instructions below, you will need to allow StingBox to boot with the new settings you have added. Then, you must wait 10 minutes to give StingBox time to load and connect. Then you must unplug power and reboot again.
Using a text editor, hash the DHCP section below and unhash the Static IP section. You must know and properly configure your desired IP address, netmask, gateway and nameserver.
Save the file, and rename it from eth0.txt.unset to eth0.txt
#configuration for DHCP
iface eth0 inet dhcp
#configuration for Static IP. Uncomment (remove the # from the 6 lines below to use, and add # to the two lines above)
#iface eth0 inet static
# address 192.168.0.158
# netmask 255.255.255.0
# gateway 192.168.0.1
# dns-nameservers 126.96.36.199
#To have the stingbox use this file to configure the network adapter
#You must rename the file from eth0.txt.unset to eth0.txt
#once this change is made, do not delete eth0.txt
#after changing this file, unplug and plug back in your stingbox (wait 3 minutes) and then unplug and plug back in your stingbox.
Yes, just enter them on the “manage alerts” page.
Many MSPs run scans on client networks and don’t want alerts to be sent for these routine scans.
To WhiteList an IP, first go to your StingBox Dashboard and click on Add/Manage StingBox section.
Next, look for the “WhiteList IP Manager” link on the bottom of the StingBox you want to stop sending alerts when hit by a particular IP.
Next, Add the IP and Name the Machine for easier identification.
Yes 100%. We have multiple MSP and MSSP customers who use it this way across their customer base. You can add them to groups with custom alerts types and methods for each individual and can also create multiple dashboards so customers can control their own alerts while you maintain your own. We have an API which complex alerting rules etc.
StingBox was designed to be a low cost solution to a tough problem, detecting if someone is snooping on your network. We are able to maintain low costs because of our Software as a Service model and our low cost hardware design.
No, similar to a building alarm system which does not stop burglars but only detects and deters them, StingBox does not stop hackers, it only detects and deters them.
Your StingBox will appear as connected on your dashboard.
Click “account settings” and then complete the password reset form to reset your password.
Plug your StingBox into the power outlet and any open port on your network. Create an account and enter the code printed on your StingBox. That’s it! More help is available at https://www.stingbox.com/setup/
Open up any web browser on your local network and enter ftp://YOURSTINGBOXIP into the url bar. Example (ftp://192.168.1.29). You can find your STINGBOXIP on your dashboard. This will generate an alert for an attempted FTP scan attempt.
Stingbox sends a small packet of to each host on the network to determine if it is up and running.
Every 10 minutes.
Every 5 minutes.
Go to your Discovered Hosts page from your StingBox dashboard to learn more about hosts on your network (i.e. Hostname, manufacturer or a custom name you’ve given the host in the past)
If you recently connected a device to your network yourself (or someone on your network did – nothing to worry about as it was an expected new device connection. If you can’t figure out what the new device is on your network or why it was installed (i.e. someone you don’t know is using your wifi connection), you may want to block the device on your router.
No, StingBox is an intrusion detection alarm, not a 100% guarantee you have not been hacked. If an attacker stays on a single host on your network it is likely that stingbox will not detect the attacker (however, we may have detected the attacker when they were trying to compromise that first host). We suggest having EndPoint security for the devices on your network in addition to the StingBox.
Yes, we offer a full API and custom alerting which many of our partners have integrated with SIEM products. Let us know if this helps or you’d like to talk more about other integration approaches.
No, but we have tested an inexpensive adapter that we can recommend.
POE Texas’ Adapter can be purchased directly at POETexas.com or from Amazon.
Note: It’s important to order the Micro USB version. This adapter has also changed connectors since our initial purchase. You may want to consider the UCTronics adapter below. One of two of these POE Texas adapters we tested failed after 9 months. The other is still running since May of 2000.
Full disclosure: The adapter failed while powering an alternative StingBox platform we were testing. The platform still works, but the POE doesn’t. This isn’t a sufficient data set to say for certain that the power supply was the cause of its failure.
There are several other manufacturers on Amazon
7/2022 Update. StingBox customers are giving positive reviews of this POE splitter from UCTronics
Yes, the StingBox is hardened against attacks and does not cause excessive network traffic.
Yes, in addition to the standard office network physical StingBox, we also offer a virtual version for installation on the cloud or an existing machine. We do have a few warnings. We’ve designed our physical StingBox to be the most secure device on any network. The operating system circuit board we use has been stripped to the bare essentials to reduce the chance of any future zero day hack of things like video drivers or unnecessary components. StingBox undergoes regular penetration testing and checks for updates nightly. If you plan to load StingBox on an old server, or if you don’t know how to secure a virtual machine, or if you simply get careless passwords you may put your network at risk. If you are installing on a physical office network, we urge you to install our standard physical StingBox. And if you are installing on a virtual network using StingBox Virtual, we urge you to use a reputable cloud provider, use strong passwords and follow your providers guidance on security. If you still plan to install StingBox Virtual on your own machine, we urge you to use a new machine with a minimal operating system and maintain security updates. More information on StingBox Virtual can be found here
You can change the alert settings from your dashboard. There are three categories of alert. Critical, Important and Informational. Each can be set with it’s own unique instructions for how and where to send alerts. You can also always disable any alert methods from your dashboard.
Professional users who want to integrate StingBox into the their RMM may do so using our API.
Documentation can be found here or on your StingBox dashboard in the Account Settings section.
We are using a version of the PI Architecture with 512mb of RAM running an ARM linux operating system. This will allow us to continue to add features for many years to come.
StingBox collects and stores
- Attack sessions from attackers (what they typed, how they interacted with the honeypot)
- IP address of your external network interface
- Open ports on your external network interface
- Names and MAC addresses of devices on your network which StingBox discovers with a network scan
This information is sent over an encrypted channel back to Sting-Box.com so you can review this information on your dashboard.
StingBox scans the local network it is connected to. StingBox will detect whether it is on a /24 or a /22 and will scan the network it is placed on.
For example, if it receives an address of 10.1.10.31 from the network’s DHCP Server, it will scan the 10.1.10.31/24 network.
If you’ve received a scan alert on your StingBox, it is likely that one of the machines on your network is compromised. First, identify the computer on your network and then take steps to remove malware from the machine and determine if you need to get a computer forensics company to help investigate if there was data stolen. If this is too daunting for you, we suggest reaching out to an IT solutions provider who can help you secure your network.
Ideal locations include – directly to a port on your router, into a network switch or into an open jack which plugs into your router.
- You may have deleted your alert methods
- Your sting box may have not have anything to alert. Check recent alerts for your StingBox and see if any have been sent.
The most likely cause of this is that your StingBox does not have internet access – please confirm you can access the internet from your wired network. Alternatively, the StingBox itself may have had an issue, please unplug the power and and plug back in the StingBox and wait 10 minutes to determine if it is back online on your dashboard. Still having problems? Email us help@StingBox.com
- StingBox scans your network every 5 minutes, please make sure you have waited 5 minutes for the StingBox to scan your network.
- Your network may be in different segments and the StingBox is only able to scan the segment upon which it connected.