One Person’s Experience with Honeypots

Ulisses Costa describes how he and Pedro Pereira created a honeypot and now has reported some of his statistics about attempted SMTP attacks and attempted SSH attacks. Ulisses used the honeyd daemon to make it happen.

He also made graphs and has them in his articles. Very educational reading – and recommended.

While a honeypot can sound like a fabulous security tool (e.g., make the hackers go for the honeypot instead of the real thing), it is weak at this at best and is better for research. Using the honeypot can show you what the hackers are doing, and give you insights into their activities.

I should mention that honeypots, by their very nature, are magnets for hackers: so don’t put one of these on a trusted (or valuable) network, nor should you put one of these up without getting permission first.

Update: He was as good as his word (see below). He has two new articles: Tracing the Attack, Part I and Tracing the Attack, Part II. Illuminating!