Other Definitions
honeypot (dict)
|
Honeypot - For the plant, see king protea. For the "tourist trap" meaning, see honeypot (geography).
In computer terminology, a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers. An honeypot that is designed to be an open-proxy is known as a Sugarcane. The primary value of a honeypot is in the information it provides, which can be used for things such as detection, early warning and prediction, or awareness. While often a computer, a honeypot can take on other forms, such as files or data records, or even unused IP space. Honeypots have no production value, they should not see any traffic or activity. If they do capture any activity, it is most likely malicious or unauthorized. Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to actually break into a system. Etymology The term "honeypot" is often understood to refer to the British children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey. An alternative explanation for the term is a reflection of the sarcastic term for outhouses and other methods of collecting feces and other human waste in places that lack indoor plumbing. Honey is a euphemism for such waste, which is kept in a honeypot until it is picked up by a honey wagon and taken to a disposal area. In this usage, attackers are the equivalent of flies, drawn by the stench of sewage. Types of honeypots Low-interaction honeypots primarily are software that emulate different operating systems and services. These honeypots are easier to deploy and more secure, but capture less information. High interaction honeypots don't emulate. Instead they are real computers, applications, and services. These honeypots are far more complex to deploy and have greater risk, but can capture far more information. An example of a low interaction honeypot is Honeyd. An example of high interaction honeypot is Honeynets. A honeypot can also be other things, such as a real website or chatroom set up to trap users with other criminal intent, e.g., regarding child pornography, as in Operation Pin. Spam honeypots Spammers are known to abuse vulnerable resources such as open mail relays and open proxies. Some system administrators have created honeypot programs which masquerade as these abusable resources in order to discover the activities of spammers. Open relay honeypots include Jackpot, written in Java, and smtpot.py, written in Python. The Bubblegum Proxypot is an open proxy honeypot (or proxypot.) An email address that is not used for any other purpose than to receive spam can also be considered a spam honeypot. Theoretically, such addresses could be used to receive spam that could then be compared to spam received by legitimate addresses. The spam could then be removed from the mailbox of the legitimate address. See also External links
|
 |