View Full Version : Term of the Day: honeypot

08-08-2002, 11:30 AM
An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way that a normal firewall works: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.
By luring a hacker into a system, a honeypot serves several purposes:

-The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
-The hacker can be caught and stopped while trying to obtain root access to the system.
-By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

08-08-2002, 07:13 PM
I don't understand how they'd convince the router which incoming requests to direct to the honeypot, and which requests to direct to the real server that needed to handle incoming requests.