Honeypots are meant to lure computer network intruders into providing some information about themselves and to divert them from inflicting real damage on computer systems. "Honeypot" is a general term that can refer to a computer, sensitive data or network equipment.
Honeypots are decoys that look like they contain sensitive information but do not. Honeypots also appear to be insecure and part of the larger network, so intruders are tempted to access them as an entry point. In reality, however, honeypots are usually completely isolated and secure, so they do not provide access to the network. Intruders who access honeypots leave behind traces of their activity, commonly known as a footprint. A honeypot is not designed to perform legitimate activity, so it is safe to assume that all traffic through a honeypot is malicious. Honeypots help to limit the need for administrators to filter malicious traffic from legitimate traffic.
Government and private organizations commonly use honeypots to assess the security of their networks. Honeypots can also provide statistics to show, for instance, how many attempts were made to break into a system.
Honeypots may also provide insights into how hackers or crackers attempt to access the system. Some honeypots simply log all activity so that research can be conducted into an attacker's behavior, while some may be set up to be full-fledged security devices, with alerts and logging built in. Some honeypots can detect spammers who misuse network equipment to send large volumes of email.
To be successful, honeypots must be isolated from the real network. If they are not properly separated, a clever intruder might be able to use them to actually break into the system.
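A minimal log-only honeypot of the kind described above, as an added example (not code from the original page or from Honeyd): it accepts TCP connections, records the source and first bytes, offers no service, and counts attempts per source. The class name, the loopback address, the ephemeral port and the probe bytes are assumptions made for the demo.

```python
import socket
import threading
from collections import Counter
from datetime import datetime, timezone

class LogOnlyHoneypot:
    """Low-interaction decoy: accepts TCP connections, records them, offers no service."""

    def __init__(self, host="127.0.0.1", port=0, max_bytes=256):
        # Assumption: loopback + ephemeral port for the demo; deploy on an isolated segment.
        self.sock = socket.create_server((host, port))
        self.address = self.sock.getsockname()
        self.max_bytes = max_bytes
        self.events = []

    def handle_one(self, timeout=2.0):
        """Accept one connection, log it, and close without replying."""
        conn, (src_ip, src_port) = self.sock.accept()
        with conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(self.max_bytes)  # bounded read, never executed
            except OSError:
                data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "first_bytes": data.hex(),  # hex keeps binary probes from corrupting the log
        }
        self.events.append(event)
        return event

    def attempts_by_source(self):
        """No legitimate traffic is expected, so every event counts as an attempt."""
        return Counter(e["src_ip"] for e in self.events)

def demo():
    """Send one constructed probe over loopback and return (event, stats)."""
    pot = LogOnlyHoneypot()
    worker = threading.Thread(target=pot.handle_one)
    worker.start()
    with socket.create_connection(pot.address) as probe:
        probe.sendall(b"probe\r\n")  # constructed sample input
    worker.join()
    pot.sock.close()
    return pot.events[0], pot.attempts_by_source()

if __name__ == "__main__":
    print(*demo())
```

Because the decoy serves no real users, the per-source counter needs no allowlist or filtering step before it is used as a break-in attempt statistic.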
Hackers or spammers sometimes use honeypot detection systems, but this is not necessarily a bad thing, since the detection of a honeypot may actually deter an attacker.
Honeyd is an example of a honeypot. Some projects, like Project Honeypot, keep track of such activity.