Honeypot

In computer terminology, a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a computer network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers. A honeypot that masquerades as an open proxy is known as a sugarcane.

A honeypot is valuable as a surveillance and early-warning tool. While often a computer, a honeypot can take on other forms, such as files or data records, or even unused IP address space. Honeypots should have no production value and hence should not see any legitimate traffic or activity. Whatever they capture can then be surmised as malicious or unauthorized.
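
Because nothing legitimate should ever talk to honeypot address space, detection reduces to "any flow whose destination is a honeypot is an alert". The following is an added example, not part of the original article; the address ranges, the flow-record format and the sample records are constructed assumptions.

```python
import ipaddress

# Assumptions for this example: the ranges below are reserved for honeypots
# (unused address space) and INTERNAL_NETS is the organisation's own network.
HONEYPOT_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.64/26")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 203.0.113.7 192.0.2.3 22 tcp
2024-05-01T10:00:02Z 203.0.113.7 192.0.2.4 22 tcp
2024-05-01T10:00:02Z 10.1.1.20 10.1.2.5 443 tcp
2024-05-01T10:00:05Z 203.0.113.7 192.0.2.5 23 tcp
2024-05-01T10:01:10Z 10.1.1.44 198.51.100.70 445 tcp
this line is malformed
2024-05-01T10:02:00Z 10.1.1.20 192.0.2.200 80 tcp
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def honeypot_hits(flow_text):
    """Group every flow whose destination is honeypot space by source address."""
    hits = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of crashing
        ts, src, dst, dport, _proto = parts
        try:
            src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if not in_any(dst_ip, HONEYPOT_NETS):
            continue  # production traffic is out of scope here
        rec = hits.setdefault(str(src_ip), {"first_seen": ts, "targets": set(), "ports": set(),
                                            "internal": in_any(src_ip, INTERNAL_NETS)})
        rec["targets"].add(str(dst_ip))
        rec["ports"].add(port)
    return hits

def triage(hits):
    """Internal sources first (a host inside the network touching a honeypot
    deserves immediate attention), then sources that probed the most decoys."""
    return sorted(hits, key=lambda s: (not hits[s]["internal"], -len(hits[s]["targets"])))

if __name__ == "__main__":
    found = honeypot_hits(SAMPLE_FLOWS)
    for src in triage(found):
        print(src, found[src])
```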

Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to actually break into a system.

= Etymology =

The term honeypot is often understood to refer to the United Kingdom children's character Winnie the Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey.

During the Cold War it was an espionage technique, which inspired spy fiction. The term honeypot was used to describe the use of sexual entrapment to gain information. In a common scenario, a pretty female Communist agent would trick a male Western official into handing over secret information. An alternative explanation for the term is a reflection of the sarcastic term for outhouses and other methods of collecting feces and other human waste in places that lack indoor plumbing. Honey is a euphemism for such waste, which is kept in a honeypot until it is picked up by a honey wagon and taken to a disposal area. In this usage, attackers are the equivalent of flies, drawn by the stench of sewage.

= Types of honeypots =

Most low-interaction honeypots emulate operating systems or network services like web servers and FTP servers. These honeypots are easy to deploy and more secure, but capture less information.

High interaction honeypots are not emulations of operating systems or network services. Instead, they are real computers, applications, and services. These honeypots are far more complex to deploy and have greater risk, but can capture far more information.

A collection of honeypots, dubbed a [http://research.microsoft.com/HoneyMonkey HoneyMonkey], uses a shotgun approach. In this implementation, numerous computers with various operating systems, software, configurations and patch levels are sent out to trawl the Internet soliciting themselves, looking for vulnerabilities in their own systems.

A honeypot can also be a website or chatroom set up to lure and trap users with other criminal intent; Operation Pin, for example, used honeypots as part of a sting operation on child pornography.

Honeypots can also be classified as military intrusion detection honeypots and research based honeypots.

= Spam honeypots =

Spammers are known to abuse vulnerable resources such as open mail relays and open proxies. Some system administrators have created honeypot programs which masquerade as these abusable resources in order to discover the activities of spammers.

Open relay honeypots include [http://jackpot.uk.net/ Jackpot], written in . The [http://www.proxypot.org/ Bubblegum Proxypot] is an open proxy honeypot (or proxypot.)

An email address that is not used for any other purpose than to receive spam can also be considered a spam honeypot. Theoretically, such addresses could be used to receive spam that could then be compared to mail received by legitimate addresses. The spam could then be removed from the mailbox of the legitimate address.
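
The comparison described above can be sketched as follows. This is an added example, not part of the original article; the sample messages and the normalisation rules (lower-casing, masking digit runs, collapsing whitespace) are assumptions chosen for illustration, and exact-hash matching only catches copies that differ in those trivial ways.

```python
import hashlib
import re
from email import message_from_string

# Constructed sample mail. TRAP_MAIL arrived at an address used for nothing
# else; INBOX belongs to a legitimate user.
TRAP_MAIL = [
    "From: a@example.net\nSubject: Win big\n\n"
    "Claim your PRIZE now, ticket 48213!\nVisit example.invalid today.\n",
]
INBOX = [
    "From: b@example.net\nSubject: You won\n\n"
    "Claim your prize now,  ticket 99100!\nVisit example.invalid today.\n",
    "From: colleague@example.org\nSubject: Meeting notes\n\n"
    "Notes from Tuesday are attached.\n",
]

def body_text(raw):
    """Concatenate the text/plain parts of a raw RFC 5322 message."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def fingerprint(raw):
    """Hash a normalised body so trivial per-recipient variations still match."""
    text = body_text(raw).lower()
    text = re.sub(r"\d+", "#", text)           # serial numbers, ticket ids
    text = re.sub(r"\s+", " ", text).strip()   # whitespace padding
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def split_inbox(inbox, trap_mail):
    """Return (kept, removed) subjects; removed = body also seen at the trap."""
    known_spam = {fingerprint(m) for m in trap_mail}
    kept, removed = [], []
    for raw in inbox:
        subject = message_from_string(raw)["Subject"]
        (removed if fingerprint(raw) in known_spam else kept).append(subject)
    return kept, removed

if __name__ == "__main__":
    print(split_inbox(INBOX, TRAP_MAIL))
```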

= See also =

  • Honeytoken
  • Honeynet
  • Honeymonkey

= External links =

  • [http://www.honeypots.net/ Honeypots.net] Honeypots, Intrusion Detection, and Incident Handling Resources
  • [http://www.newsforge.com/article.plsid=04/09/24/1734245 Know Your Enemy: Everything you need to know about honeypots ]
  • [http://www.honeynet.org/ To learn the tools, tactics, and motives involved in computer and network attacks, and share the lessons learned. ]
  • [http://www.data-recovery-reviews.com/honeypot-intrusiondetection.htm Honeypot intrusion detection reviews]
  • [http://www.sans.org/resources/idfaq/honeypot3.php SANS Institute: What is a Honey Pot]
  • [http://www.dmoz.org/Computers/Security/Honeypots_and_Honeynets/ Open Directory Project-Honeypots and Honeynets]
  • [http://www.honeynet.org Honeynet Project]: High-interaction honeypot
  • [http://www.honeyd.org Honeyd]: Low-interaction honeypot