What is Honeypot
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. They are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot.
• Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
• Used for monitoring, detecting and analyzing attacks
• Does not solve a specific problem. Instead, they are a highly flexible tool with different applications to security
• A trap set to detect and deflect attempts at unauthorized use of information systems.
• It consist of a computer, data or a network site that appears to be part of a network but which is actually isolated & protected.
• Whatever they capture is supposed to be malicious & unauthorized.
An example of a honeypot is a system used to simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. This kind of honeypot can be used to log access attempts to those ports including the attacker's keystrokes. This could give you advanced warning of a more concerted attack
Etymology
The term "honeypot" is often understood to refer to the English children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey.
During the Cold War it was an espionage technique, which inspired spy fiction. The term "honeypot" was used to describe the use of female to gain secret information. In a common scenario, a pretty female Communist agent would trick a male Western official into handing over secret information.
An alternative explanation for the term is a reflection of the sarcastic term for outhouses and other methods of collecting feces and other human waste in places that lack indoor plumbing. Honey is a euphemism for such waste, which is kept in a honeypot until it is picked up by a honey wagon and taken to a disposal area. In this usage, attackers are the equivalent of flies, drawn by the stench of sewage
History of Honeypot
The concept of the honeypot is not new. In fact as early as 1991, a number of publications expounded on concepts that were to be foundations of today’s honeypot development. Two publications in particular stood out:
 1990/1991 The Cuckoo’s Egg and Evening with Berferd
Clifford Stoll was an astrophysicist turned systems manager at Lawrence Berkeley Lab. Due to a 75 percent accounting error was able to track down a hacker that was using their computers as a launching pad to hack hundreds of military, industrial, and academic computers in search of secrets. His book “The Cuckoo's Egg”, published in 1988, detailed his experiences through this 3 year incident where he observed the hacker and subsequently gathered information that led to the hackers arrest.
The other publication that was of particular note during this period was “An Evening with Berferd” by the well respected Internet Security expert, Bill Cheswick. In the paper, Mr. Cheswick describes how he and his colleagues set up their jail machine, also known as roach motel2 in which they chronicled a hackers movements and the bait and traps they used to lure and detect him.
 1997 - Deception Toolkit
The Deception Toolkit is one of the original and landmark Honeypots. It is generally a collection of PERL scripts designed for UNIX systems that emulate a variety of known vulnerabilities. The concept put forward by the DTK is “deceptive defense” which now central in Honeypot concepts and implementations
 1998 - CyberCop Sting
CyberCop Sting is a component of the CyberCop intrusion protection software family which runs on NT. Cybercop Sting has also been referred to as a “decoy server” for it can simulate a network containing several different types of network devices, including Windows NT servers, Unix servers and routers. Each of these decoys had the ability to track, record, and report intrusive activity to network and security administrators. As with the DTK, each of these decoys can run simulated services. However, as with the problem with most simulated or low-interaction Honeypots, you can only only simulate limited functionality with Cybercop sting