Several honeypot technologies (continuation)

8aAz...gt2U
3 Jan 2024

The following are some of the honeypot technologies in use:

• Client honeypots: The majority of honeypots are servers that listen for connections. Client honeypots instead actively search out malicious servers that target clients, and they monitor the honeypot for any suspicious or unexpected changes. These systems are usually virtualized and have a containment plan in place to keep the research team safe.

• Malware honeypots: These identify malware by using established replication and attack channels. Honeypots (such as Ghost) have been designed to look like USB storage devices. For example, if a machine becomes infected with malware that spreads by USB, the honeypot will deceive the malware into infecting the simulated device.

• Honeynets: A honeynet is a network of several honeypots rather than a single system. Honeynets are designed to follow an attacker's actions and motives while containing all inbound and outbound communication.

• Spam honeypots: These simulate open mail relays and open proxies. Spammers will first send themselves an email to test the available mail relay. If the test succeeds, they will send out a tremendous amount of spam. This form of honeypot can detect and recognize the test and successfully block the massive amount of spam that follows.

• Database honeypots: Because structured query language (SQL) injections can often go undetected by firewalls, some organizations deploy a database firewall that builds decoy databases and provides honeypot support.
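The probe-then-bulk pattern described for spam honeypots can be recognized in the decoy relay's own logs. The following is an added example, not code from the original post: the log tuple layout, the thresholds and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample of relay attempts logged by a decoy open relay:
# (timestamp in seconds, source IP, envelope recipients).
# IPs are documentation ranges; domains are reserved example domains.
SAMPLE_ATTEMPTS = [
    (0,   "203.0.113.7",  ["probe@example.net"]),
    (40,  "198.51.100.9", ["user@example.org"]),
    (900, "203.0.113.7",  [f"victim{i}@example.com" for i in range(200)]),
    (960, "203.0.113.7",  [f"victim{i}@example.com" for i in range(200, 450)]),
]

PROBE_MAX_RCPTS = 1      # assumption: a relay test goes to a single mailbox
BULK_MIN_RCPTS = 50      # assumption: recipient count that marks a bulk run
FOLLOW_UP_WINDOW = 3600  # assumption: bulk run follows the probe within 1 hour

@dataclass
class SourceState:
    probe_time: Optional[float] = None  # when the single-recipient test was seen
    flagged: bool = False               # probe was followed by a bulk run
    blocked_rcpts: int = 0              # recipients refused after flagging

def classify(attempts):
    """Walk the log in time order and track each source IP's state."""
    state = defaultdict(SourceState)
    for ts, src, rcpts in sorted(attempts, key=lambda a: a[0]):
        s = state[src]
        if s.flagged:
            # Source already identified: everything it sends is refused.
            s.blocked_rcpts += len(rcpts)
        elif s.probe_time is None and len(rcpts) <= PROBE_MAX_RCPTS:
            s.probe_time = ts
        elif (s.probe_time is not None and len(rcpts) >= BULK_MIN_RCPTS
              and ts - s.probe_time <= FOLLOW_UP_WINDOW):
            s.flagged = True
            s.blocked_rcpts += len(rcpts)
    return dict(state)

def flagged_sources(attempts):
    """Map each flagged source IP to the number of recipients blocked."""
    return {ip: s.blocked_rcpts
            for ip, s in classify(attempts).items() if s.flagged}

if __name__ == "__main__":
    for ip, n in flagged_sources(SAMPLE_ATTEMPTS).items():
        print(f"{ip}: relay test followed by bulk run, {n} recipients blocked")
```

A source that only ever sends the single test message, like the second IP in the sample, stays unflagged but keeps its probe timestamp for later correlation.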

In my next post, I'll be writing about how to spot a honeypot token...

