Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF | .Net API for WAF Systems

HoneyPotServerListnerOption Class

Use the HoneyPotListnerOption class to configure the firewall to actively monitor port for hackers trying to attack the server hosting the application.

Namespace:  Walter.Net.HoneyPot
Assembly:  Walter.Net.HoneyPot (in Walter.Net.HoneyPot.dll)


public class HoneyPotServerListnerOption


For the service to detect being attacked you will need to

  1. Forward ports from the router to the server
  2. Allow your firewall to receive connections on these ports
  3. configure the firewall to monitor the port.

Say you like to detect users trying to manage the server using SSH and you don't use SSH (windows uses Remote desktop)

You then go to your edge router (the router sending the data from the internet to your web-server) and you configure port forwarding.

Ideal you would forward the SSH port, to a port not used on your server ensuring that there is no conflict on port usage.


the following example shows how to configure the firewall to monitor frequently attacked ports
                   options =>
                     options.UseSession = false;
                     options.FireWallMode = Walter.Web.FireWall.FireWallProtectionModes.WebSiteWithApi;

                     options.TrackUsers = true;

                     options.Cashing.GeoLocation.SlidingExpiration = TimeSpan.FromMinutes(20);
                     options.WebServices.UserEndpointJavaScript = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.UserEndpointJavaScript, UriKind.Relative);
                     options.WebServices.IsUserApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.IsUserEndpoint, UriKind.Relative);
                     options.WebServices.RegisterLinksApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.SiteMapEndPoint, UriKind.Relative);
                     options.WebServices.BeaconApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.BeaconPoint, UriKind.Relative);
                     options.WebServices.CSPReportUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.CSPViolation, UriKind.Relative);

                     options.Rules.AllowWhiteListing = false;
                     options.Rules.PhysicalFileWallExcludeReasons = Walter.BOM.FirewallBlockReasons.ALL & ~Walter.BOM.FirewallBlockReasons.NoAccessFromRegion;
                     options.Rules.BlockRequest.BlockDuration.SlideExpiration = true;
                     options.Rules.BlockRequest.BlockDuration.Expires = TimeSpan.FromSeconds(10);
                                          .AddContentSecurityPolicyButTrust(trustingSites: Walter.Web.FireWall.TrustingSites.Jquery | Walter.Web.FireWall.TrustingSites.Google
                                                    , allowInline: true
                                                    , framesPolicy: Walter.Web.FireWall.FramesPolicy.Self);

                  .UsePortScannerProtection(options => {
                      /*map the service ports to a local port on your computer*/
                      /*Redirect the requests to your computer and open the firewall for the redirected ports*/

                      options.SSH   = 4000; // map port 22 to port 4000 on your router
                      options.TSQL  = 4001; // map port 1433 to port 4001 on your router
                      options.Telnet= 4002; // map port 23 to port 4002 on your router
                      options.MYSQL = 4005; // map port 3306 to port 4005 on your router
                      options.DNS   = 4006; // map port 53 to port 4006 on your router

                      /*you can manually map port aliases in the range from 0 till 65535*/
                      options.AddOrUpdate(externalPort: 900, internalPort:14010, name:"Port 900");