Honeypots are systems that have only partial security and pose as a lure to attackers.
They are needed so that attackers will attack the honeypots while the actual system remains safe. In other words, these systems (honeypots) are used to fool the attacker.
Honeypots not only protect the actual system from attackers, they also keep track of what an attacker is trying to accomplish by storing the information in a record that can be used to trace the attacker's activities. From this record the network admin can learn what the attacker was trying to do in the network.
Honeypots are mainly used to defend against DoS and DDoS attacks.
A honeypot is designed to lure the attacker: the attacker is fooled into thinking the honeypot is the actual system and performs hacking activities on it. The honeypot allows the attacker to install handler or agent code that will perform DoS attacks. (Handler or agent code is a program written to carry out DoS attacks on a network.)
When the attacker has finished, he or she leaves thinking the actual system has been compromised. Later the network admin checks the honeypot and can inspect the handler or agent code to learn what the attacker's purpose was and what the attacker wanted to do. The admin can even get the attacker's IP address.
With this information the admin can take steps to prevent further attacks from the attacker, for example by blocking that IP.
Honeypots are of 2 types:
1. Low-interaction honeypot
2. High-interaction honeypot
High-interaction honeypots are also called honeynets. They are a simulation of a complete network containing real computers running real applications, and they are used to catch network attacks. A honeynet behaves like a complete network, such as a corporate network.
Low-interaction honeypots work as I explained above. They are a single system or machine.
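The recording side of a low-interaction honeypot as described above, shown as an added example that is not part of the original post: a decoy listener that answers with a fake banner, stores each contact in a record, and derives the IPs an admin might block. The banner text, function names, port number and 203.0.113.x addresses are constructed for illustration.

```python
import json, socket, time
from collections import Counter

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed decoy banner

def record_session(conn, peer, records, max_bytes=1024, timeout=2.0):
    """Send the decoy banner, capture the peer's first bytes, append a record."""
    conn.settimeout(timeout)
    try:
        conn.sendall(BANNER)
        data = conn.recv(max_bytes)
    except OSError:              # timeout or reset: still record the contact
        data = b""
    rec = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
           "data": data.decode("latin-1")}  # latin-1 maps every byte, never fails
    records.append(rec)
    return rec

def serve(host, port, records, max_conns):
    """Listen on the decoy port and record max_conns connections, one at a time."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        for _ in range(max_conns):
            conn, peer = srv.accept()
            with conn:
                record_session(conn, peer, records)

def ips_to_block(records, min_hits=1):
    """Source IPs seen at least min_hits times (a decoy has no legitimate users)."""
    hits = Counter(r["src_ip"] for r in records)
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

def demo():
    """Replay two constructed sessions through record_session without a network."""
    records = []
    for ip, payload in [("203.0.113.7", b"EHLO probe.example\r\n"),
                        ("203.0.113.7", b"\x16\x03\x01")]:
        ours, theirs = socket.socketpair()
        with ours, theirs:
            theirs.sendall(payload)          # the remote side speaks first
            record_session(ours, (ip, 40000), records)
    return records

if __name__ == "__main__":
    recs = demo()
    print("\n".join(json.dumps(r) for r in recs))   # one JSON record per contact
    print("block:", ips_to_block(recs, min_hits=2))
```

For a live decoy, call `serve("0.0.0.0", 2525, records, max_conns=100)` on a host that runs nothing else; the port number here is an arbitrary choice.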