Ulisses Costa describes how he and Pedro Pereira created a honeypot and now has reported some of his statistics about attempted SMTP attacks and attempted SSH attacks. Ulisses used the honeyd daemon to make it happen.
He also made graphs and has them in his articles. Very educational reading – and recommended.
While a honeypot can sound like a fabulous security tool (e.g., make the hackers go for the honeypot instead of the real thing), it is weak at this at best and is better for research. Using the honeypot can show you what the hackers are doing, and give you insights into their activities.
I should mention that honeypots, by their very nature, are magnets for hackers: so don’t put one of these on a trusted (or valuable) network, nor should you put one of these up without getting permission first.
Update: He was as good as his word (see below). He has two new articles: Tracing the Attack, Part I and Tracing the Attack, Part II. Illuminating!
One thought on “One Person’s Experience with Honeypots”
Hello David. Thank you for you interest in the results of my honeypot. Later on, I will show the rest of the results… Stay tuned!