Denshi Goshin Jutsu dojo logoDenshi Goshin JutsuNetTools Defense Academy

Mesh defense

HoneyMesh

Trust-Scored Mesh DefenseDetect locally, enforce early, and share only what trust allows.

A distributed defense platform with local traps, JA4-first fingerprinting, persistent bans, secure dashboard/API, Pro-only HoneyMesh Exchange, and explicit trusted mesh participation.

Linux, Go, eBPF/XDP, SQLiteDistributed traps, XDP enforcement, and trusted mesh intelligenceHoneyMesh Operator Manual v2.3.1 and Architecture Deep Dive

Plain English

HoneyMesh detects hostile activity with traps and analytics, can drop banned traffic at kernel speed with XDP/eBPF, and optionally shares signed intelligence with trusted Pro peers.

What it teaches

  1. deception traps
  2. kernel-speed enforcement
  3. JA4-first fingerprinting
  4. trust-scored sharing

Use when

  1. You need Linux-side detection and enforcement
  2. You want local protection that keeps working without a central controller
  3. You want opt-in shared defense across trusted networks

What it observes

  1. Honeypot trap activity
  2. Port scans
  3. JA4 and legacy JA3 TLS fingerprints
  4. Payload entropy and pattern scores
  5. Active bans

Requirements

  1. Linux kernel 5.4+
  2. Root privileges for XDP and BPF maps
  3. Go 1.21+ if building from source
  4. HTTPS certificates for non-lab dashboard/API use

Manual-backed details

  1. Modes include TEST, ENFORCE, and LOCKDOWN.
  2. Shared defense is Pro-only, disabled by default, and requires explicit operator opt-in.
  3. Trusted peers use BTL levels L0 observe, L1 corroborated, L2 immediate enforcement, and L3 authoritative override.

Next step

Start in TEST mode, review the Live Threat Stream, then move selected interfaces and bans into ENFORCE only after allowlists and trust levels are understood.

Product links

Open network-decode.com

Related training

HoneyMesh Operator FlowBot Scans And Brute Force AttacksHoneyMesh Mode SafetyWhat The NetTools Ecosystem Actually IsFrom Local Traps To Trusted Mesh