A honeypot is a computer that has been set up to look like a complex network of servers and sometimes workstations. Honeypots are used as destinations for cracking attacks. The concept is to keep automated or manual intruders busy mapping the honeypot while information about the attack methods is captured for analysis. Information about the attack sources can also be gathered, and action can be taken on the compromised source servers while the attack is in progress.
To extend the time it takes to map a honeypot, virtual servers are used (for example, VMware). These are totally dynamic and can provide a large number of possible "poorly configured" servers or workstations to maintain interest. The virtual servers boot from disk images, which can easily be removed for analysis, deleted and replaced.
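One way to analyze a disk image removed from a honeypot, as an added example that is not part of the original entry: compare it file by file against the clean image the virtual server was booted from. It assumes both images are mounted read-only as directories; `manifest`, `diff_images` and `demo` are hypothetical names, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed here
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def diff_images(baseline_root, captured_root):
    """Report files added, modified or deleted relative to the baseline."""
    base, seen = manifest(baseline_root), manifest(captured_root)
    return {
        "added": sorted(seen.keys() - base.keys()),
        "modified": sorted(p for p in base.keys() & seen.keys() if base[p] != seen[p]),
        "deleted": sorted(base.keys() - seen.keys()),
    }


def demo():
    """Run the diff over two small constructed trees (not real image contents)."""
    trees = {
        "baseline": {"etc/passwd": b"root:x:0:0\n", "bin/ls": b"v1", "var/log/auth.log": b"boot\n"},
        "captured": {"etc/passwd": b"root:x:0:0\nsvc:x:0:0\n", "bin/ls": b"v1", "tmp/.x/tool": b"?"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for image, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, image, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return diff_images(os.path.join(tmp, "baseline"), os.path.join(tmp, "captured"))


if __name__ == "__main__":
    print(demo())
```

The three lists give an analyst a starting set of files to examine before the image is deleted and replaced with a fresh copy.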
- Intrusion Detection, Honeypots and Incident Handling Resources (www.honeypots.net)
- Honeynets (www.honeynet.org)