A honeypot is a simply a system program or file that has absolutely no
purpose in production. Therefore, we can always assume that if the honeypot
is accessed, it is for some reason unrelated to your organization purpose.
The workhorse of all honeypots is honeyd. It simulates an entire
environment and is available from http://www.honeyd.org/.
Another type of honeypot is called a Proxypot, which is a proxy server with
no access control. The open proxy honeypot allows internet clients to
connect and make requests to the proxy server for connection to internet
hosts, even those that are behind the proxy server. This allows server
traffic to be examined to detect various threats including distributed
password account quessing, nessus web vulnerability scans, and proxy
chaining.
There is also a honeypot program is called the Deception Tool Kit, which can
be downloaded from http://www.all.net/dtk/index.html. You can configure the
responses for each port.
Honeypots are probably one of the last security tools an organization should
implement. This is primarily because of the concern that somebody may use
the honeypot to attack other systems.
IDFAQ: What is a honeypot and how is it used?
