How to set up data collection?⚓︎
The whole functionality is nowadays provided by Sentinel. You just need to enable the Data Collection package list in the Package Management tab and agree with our EULA via Data Collection tab in reForis. This will install and enable dynamic firewall and other selected data collection components.
You can also install the data collection manually using command line (SSH):
opkg update opkg install turris-survey sentinel-dynfw-client sentinel-nikola sentinel-minipot haas-proxy uci set sentinel.main.agreed_with_eula_version=1 && uci commit
In both cases, few extra steps are needed to activate HaaS:
- Register on our website - HaaS.nic.cz.
- There, in section My Honeypot click on Add new device. After naming it, you will get a token
- Add your token to the router using command line (SSH):
uci set haas.settings.token="YOUR_TOKEN" uci commit /etc/init.d/haas-proxy enable /etc/init.d/haas-proxy start
Important note about Internet Service Providers⚓︎
Some Internet Service Providers (ISPs) actively detect potentially vulnerable services running by their customers. If they find such services they send notification or even block external access to such ports.
The same applies for some community, municipal or other networks as well.
Some parts of Sentinel (Minipots and HaaS) may be detected as such vulnerable services because they emulate them to catch potential attackers without any risk (the attackers do not enter any real environment).
What to say to your ISP if you receive such warning:
- Those services are operated intentionally as a part of the Sentinel security research project.
- They are provided by honeypots and not vulnerable software.
- The results of the project are instantly deployed to routers and improve security of the routers and the networks beyond them.
- You want to keep those ports/service accessible from the Internet.
Please let us to know (email@example.com) if your ISP sends you such warning or event applies some “protective” measures on your Internet connection.
Some ISPs silently block access to some ports (they do not declare that they do so). It is useful to ask explicitly which ports are blocked.