any guideline?

[sayo-nara]

May I know how to enable it to gather dns amplification attack in real time?

[Kasperg2]

Hi Sayo-nara!
Where are you in the process? Have you installed it? Are you running it? Where have you placed the honeypot? Is it on a local network or in the cloud? Where is your problem exactly? Please supply more info. :)

[sayo-nara]

Hi Sayo-nara! Where are you in the process? Have you installed it? Are you running it? Where have you placed the honeypot? Is it on a local network or in the cloud? Where is your problem exactly? Please supply more info. :)

Hi Kasperg2, I have installed it in my local network. I thought I could use it for having dns amplification attack in real time and running packet capturing tool for collecting real time dns traffic at the same time, but seems like it doesn't work. I think most probably I need to do some configuration on it, but I am not experienced enough on what to do.

[Kasperg2]

Hmmm... it looks like you are logging your own dns-queries.

If you want to log ddos attacks you need to deply ddospot on the open internet - e.g. on a cloud platform or with a static IP address directly exposed to the internet. Remember that attackers have to scan and find your honeypot first, before any attacks are launched. If it's sitting in your local network, it's probably screened of from both scans and attacks. Does that make sense? :)