@jbarber1976 just thinking a little more about this in terms of how to structure such a honeypot. The real issue here is that the honeypot itself will only be useful if the source IP is correct - for example, not hidden behind a VPN or reverse proxy.
In this case, the information you’d gain would be useless as it would only direct you to the VPN host, and not the actual perpetrators, which of course, is the primary goal.
I’d need more information to be able to comment further.