Honeypots using specific services!
Below are a series of hotlinks and short descriptions of honeypots that can monitor services in your environment.
Honeyntp -“Honeyntp is an ntp-scan logger/honeypot.”( F. (2014, March 27). Fygrave/honeyntp. Retrieved April 20, 2017, from https://github.com/fygrave/honeyntp)
Troje -“Troje is a honeypot that creates a real environment within a physical of virtual machine using lxc containers.”( D. (2014, August 12). Dutchcoders/troje. Retrieved April 21, 2017, from https://github.com/dutchcoders/troje/)
HoneyPy – “HoneyPy is written in Python and is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.”( F. (2017, April 23). Foospidy/HoneyPy. Retrieved April 21, 2017, from https://github.com/foospidy/HoneyPy)
Ensnare – “Ensnare is packaged as a gem plugin for Ruby on Rails and was developed to allow configuring and deploying a basic malicious behavior detection and response scheme in less than ten minutes.”( A. (2017, April 18). Ahoernecke/ensnare. Retrieved April 21, 2017, from https://github.com/ahoernecke/ensnare)
RDPY – “Remote Desktop Protocol in twisted python.”( C. (2015, June 01). Citronneur/rdpy. Retrieved April 21, 2017, from https://github.com/citronneur/rdpy)
Kippo – “Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.”( D. (2016, September 30). Desaster/kippo. Retrieved April 21, 2017, from https://github.com/desaster/kippo)