When trying to catch someone who is stealing cars, or anything else of value, the obvious idea is to advertise a decoy and wait for the thief to go after it. The same idea applies to catching someone trying to break into a network that you or a company values. The decoy in this case is a honeypot (think of honey as what Pooh Bear would REALLY want): a system that looks like a legitimate, exposed and vulnerable host on the network, put there specifically for attackers to try to attack (EC-Council). If an attacker takes the bait, he or she reveals his or her methods while attacking that system. The attacker would probably start with passive reconnaissance, move quickly to active scanning and enumeration, and once a port of entry is chosen, attack it using his or her preferred technique, all of which the honeypot records. Since legitimate users on the network have no reason to touch the honeypot and may not even know it exists, any attempt to access it can be assumed to be hostile (Rouse).
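The listener below is an added example written for this page, not code from EC-Council or TechTarget. It is a minimal low-interaction honeypot: it pretends to be a mail server (the banner and the host name in it are made up), accepts every TCP connection, records the first bytes the peer sends, and files every connection as hostile, exactly because nothing legitimate should ever reach it. The "attacker" function is a constructed stand-in that drives the decoy over localhost so the whole thing runs offline; the method labels are my own classification, not a standard taxonomy.

```python
import socket
import socketserver
import threading
from datetime import datetime, timezone

# Hypothetical banner: the decoy pretends to be a mail server. A real deployment
# would imitate whatever service the decoy is supposed to look like.
BANNER = b"220 mail.example.internal ESMTP ready\r\n"

# Everything that ever connects ends up here. No legitimate user has any business
# here, so every record is an alert, not merely "traffic".
EVENTS = []
_LOCK = threading.Lock()


def classify_probe(src_ip, src_port, first_bytes):
    """Build one alert record from a connection and the first bytes the peer sent.

    The payload is what reveals the attacker's method: an empty payload means the
    peer completed the TCP handshake and left (a port scanner); EHLO/HELO means
    someone is enumerating the fake mail service; an SSH banner means a tool was
    pointed at the wrong protocol; anything else is kept verbatim for the analyst.
    """
    if not first_bytes:
        method = "connect-scan"
    elif first_bytes[:4].upper() in (b"EHLO", b"HELO"):
        method = "smtp-enumeration"
    elif first_bytes[:4] == b"SSH-":
        method = "wrong-protocol-for-port"
    else:
        method = "unknown-payload"
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src": f"{src_ip}:{src_port}",
        "hostile": True,  # assumed, because nothing legitimate lives here
        "method": method,
        "payload": first_bytes[:64],
    }


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        self.request.sendall(BANNER)
        try:
            data = self.request.recv(1024)
        except (socket.timeout, ConnectionError):
            data = b""
        ip, port = self.client_address[:2]
        with _LOCK:
            EVENTS.append(classify_probe(ip, port, data))


class Decoy(socketserver.ThreadingTCPServer):
    allow_reuse_address = True


def start_decoy(host="127.0.0.1", port=0):
    """Start the honeypot in a background thread. Port 0 lets the OS pick a free one."""
    server = Decoy((host, port), DecoyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def attacker(host, port, payload=b""):
    """Constructed stand-in for an attacker: connect, grab the banner, send one probe."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        if payload:
            s.sendall(payload)
    return banner


def run_demo():
    """Run the decoy on localhost, hit it three ways, and return what it logged."""
    with _LOCK:
        EVENTS.clear()
    server = start_decoy()
    host, port = server.server_address[:2]
    attacker(host, port)                               # bare connect scan
    attacker(host, port, b"EHLO scanner\r\n")          # service enumeration
    attacker(host, port, b"SSH-2.0-OpenSSH_8.0\r\n")   # ssh client aimed at the smtp decoy
    server.shutdown()
    server.server_close()  # joins the handler threads, so EVENTS is complete here
    with _LOCK:
        return sorted(EVENTS, key=lambda e: e["method"])


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```

The point to notice is that the decoy does almost nothing: it does not need to implement SMTP, because the value is in the log, not in the service. In a real deployment the records would go to the SIEM with the source address, and the source address alone is enough to justify an alert.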
Two types of honeypots exist: production and research honeypots. Production honeypots are placed inside a company's network to reveal attacks against it and to slow attackers down, while research honeypots are used to study the kinds of attacks in circulation and to discover new attacker practices (Rouse). One really neat related idea is to seed the honeypot with data that has unique identifying properties (often called honeytokens), which can "help analysts track stolen data and identify connections between different participants in an attack" (Rouse). Because each token is unique and exists nowhere else, its appearance anywhere outside the decoy shows both that data was taken and which decoy it was taken from, and the same token turning up at two places ties those two places together.
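The following is an added example of the honeytoken idea, written for this page rather than taken from either source. It mints a unique token, plants it in a fake customer record, and then scans constructed log lines for any known token; the hits say which decoy was copied and which source addresses used it. The token format, the decoy domain and the log lines are all made up for the example.

```python
import re
import secrets

# Registry mapping each minted token to where it was planted. Constructed for the
# example; in practice this lives wherever the analysts keep their alert rules.
PLANTED = {}

TOKEN_RE = re.compile(r"ht-([0-9a-f]{16})", re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def mint_honeytoken(planted_in):
    """Create a unique, otherwise meaningless identifier and remember where it went.

    Uniqueness is the whole point: the value exists nowhere except in the decoy
    data, so any later sighting of it is evidence that the decoy was copied.
    """
    token = "ht-" + secrets.token_hex(8)
    PLANTED[token] = planted_in
    return token


def decoy_customer_record(planted_in):
    """A fake customer row carrying the token in fields an attacker is likely to reuse."""
    token = mint_honeytoken(planted_in)
    return {
        "name": "Decoy Customer",
        "email": f"{token}@mail.example.invalid",  # hypothetical decoy domain
        "account_id": token.upper(),
    }


def scan_for_tokens(lines):
    """Find known tokens in arbitrary text (logs, paste sites, DNS queries)."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for m in TOKEN_RE.finditer(line):
            token = "ht-" + m.group(1).lower()
            if token in PLANTED:  # right shape but unknown value is not ours
                hits.append({"line": lineno, "token": token,
                             "planted_in": PLANTED[token], "text": line.strip()})
    return hits


def link_participants(hits):
    """Group source addresses by decoy: one token seen from two hosts links them."""
    linked = {}
    for h in hits:
        ip = IP_RE.search(h["text"])
        if ip:
            linked.setdefault(h["planted_in"], set()).add(ip.group(0))
    return {decoy: sorted(ips) for decoy, ips in linked.items()}


def run_demo():
    PLANTED.clear()
    hr = decoy_customer_record("honeypot fileshare: hr-export.csv")
    decoy_customer_record("honeypot db: finance.customers")  # never leaks in this demo
    # Constructed log lines from two different services. The HR token shows up in a
    # mail login from one host and a web login from another, tying them together.
    logs = [
        f"smtp auth attempt from 203.0.113.9 user={hr['email']} result=fail",
        "dns query from 203.0.113.9 name=updates.example.invalid",
        f"web login from 198.51.100.77 account={hr['account_id']} result=fail",
        "web login from 198.51.100.77 account=A1B2C3 result=ok",
    ]
    hits = scan_for_tokens(logs)
    return hits, link_participants(hits)


if __name__ == "__main__":
    hits, linked = run_demo()
    for h in hits:
        print(h)
    print(linked)
```

The scanner deliberately ignores strings that merely look like tokens but were never minted: a false alarm on a random hex string would undermine the one property that makes honeytokens useful, which is that a sighting is never ambiguous.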
The biggest downfall of honeypots is that, as the Certified Ethical Hacker book points out, they can often be identified. An attacker can enumerate the MAC addresses of the NICs on the network, since honeypots are frequently virtual machines whose MAC addresses carry a virtualization vendor's prefix, or can probe the open ports with TCP packets and check whether the service responds the way a real implementation would; a decoy that only emulates a service tends to give itself away with a wrong or missing reply. Neither check is conclusive on its own, because real servers are virtualized too, but an attacker who spots the decoy will simply avoid it. So it is not a perfect system, but it will still reveal plenty of attacks, especially automated ones!
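To show the MAC-address side of that check concretely, here is an added example (mine, not from the CEH material) that takes ARP table output and flags hosts whose NIC prefix belongs to a virtualization vendor. It goes a little beyond the text by accepting both Linux `arp -a` and Windows `arp -a` line formats; the OUI table is a hand-picked subset of well-known vendor prefixes, not a full registry, and the ARP output is constructed.

```python
import re

# Well-known OUI prefixes assigned to virtualization vendors. Honeypots are very
# often virtual machines, so a NIC with one of these prefixes marks a candidate
# decoy. Hand-picked subset for the example; a real tool would use the IEEE list.
VM_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:16:3e": "Xen",
    "52:54:00": "QEMU/KVM",
    "00:15:5d": "Hyper-V",
    "00:1c:42": "Parallels",
}

# Matches "? (192.168.1.20) at 00:0c:29:..." (Linux) and "192.168.1.20   00-0c-29-..." (Windows).
ARP_LINE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>[0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
)


def normalize_mac(mac):
    return mac.lower().replace("-", ":")


def vendor_for(mac):
    """Virtualization vendor for this MAC's OUI, or None if it is not a known VM prefix."""
    return VM_OUIS.get(normalize_mac(mac)[:8])


def parse_arp_table(text):
    """Extract (ip, mac) pairs from arp -a style output."""
    return [(m.group("ip"), normalize_mac(m.group("mac"))) for m in ARP_LINE.finditer(text)]


def find_vm_hosts(arp_text):
    """Return {ip: vendor} for every host whose MAC carries a virtualization OUI.

    These are candidates only: production servers run on the same hypervisors,
    so a VM prefix is a hint to probe further, not proof of a honeypot.
    """
    return {ip: vendor_for(mac) for ip, mac in parse_arp_table(arp_text) if vendor_for(mac)}


# Constructed ARP output mixing Linux and Windows formats.
SAMPLE_ARP = """\
? (192.168.1.1) at 3c:37:86:aa:bb:cc [ether] on eth0
? (192.168.1.20) at 00:0c:29:12:34:56 [ether] on eth0
? (192.168.1.21) at 08:00:27:de:ad:be [ether] on eth0
? (192.168.1.30) at 00:1b:21:77:88:99 [ether] on eth0

Interface: 10.0.0.5 --- 0x3
  Internet Address      Physical Address      Type
  10.0.0.1              00-1a-2b-3c-4d-5e     dynamic
  10.0.0.7              52-54-00-ab-cd-ef     dynamic
"""

if __name__ == "__main__":
    for ip, vendor in find_vm_hosts(SAMPLE_ARP).items():
        print(f"{ip}: {vendor} NIC, candidate decoy")
```

From the defender's side the same table is the fix list: a honeypot that is supposed to blend in should be given a MAC address from the same vendor range as the physical hosts around it, and its emulated services should answer protocol-valid requests the way the real software does.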
EC-Council. UMUC: Certified Ethical Hacker (CEH) Version 10 eBook w/ iLabs (Volumes 1 through 4). [eVantage]. Retrieved from https://evantage.gilmoreglobal.com/#/books/9781635672343/
Rouse, M., Clark, C., & Cobb, M. (n.d.). What is honeypot (computing)? – Definition from WhatIs.com. Retrieved June 4, 2019, from https://searchsecurity.techtarget.com/definition/h…