The unfortunate reality is that, despite the best attempts at network security, attack attempts will occur. Sometimes they will be successful. One way to detect an attack in progress is to set up a honeypot.
A honeypot is a system that is set up to attract an attack attempt and direct the attacker to a safe system where his actions can be tracked and assessed without compromising the system that we are really trying to protect. The honeypot could be:
- A dedicated server
- A simulated system or state machine
- A service on a selected host. An example would be Tiny Honeypot, which listens to ports not in legitimate use.
- A virtual server
- A single file with special attributes. This is sometimes called a honeytoken.
A honeypot is never meant for authorized users to use. So, any access to it is either accidental or hostile.