30-10-2009, 03:39 PM
Abstract
A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into, while limiting the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that he is being tricked and monitored.

Most honeypots are installed inside firewalls so that they can be better controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way to a normal firewall: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.

By luring a hacker into a system, a honeypot serves several purposes:

• The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
• The hacker can be caught and stopped while trying to obtain root access to the system.
• By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

Over the last few years, network-based intrusions have increased exponentially, due to the popularity of scripted or automated attack tools. This increase in intrusions has rekindled interest in honeypot systems, which can be used to trap and decode the attack methods used by the black hat community.
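The inverted firewall policy described in the abstract, as an added example that is not part of the original post: an nftables ruleset for a Linux gateway placed in front of a single honeypot. The interface names, the 192.0.2.10 documentation address, the table name and the log prefixes are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: forwarding policy on a gateway in front of one honeypot.
# Assumed names: wan0 (Internet side), hp0 (honeypot side), 192.0.2.10 (honeypot).

define WAN      = "wan0"
define HP_IF    = "hp0"
define HONEYPOT = 192.0.2.10

table inet honeywall {
    chain forward {
        # Default drop: anything not matched below is discarded, which also
        # keeps the honeypot from reaching any other network behind the gateway.
        type filter hook forward priority 0; policy drop;

        # INBOUND (Internet -> honeypot)
        # A normal perimeter firewall would filter here. The honeypot policy
        # accepts everything, and logs each new connection for later study.
        iifname $WAN oifname $HP_IF ip daddr $HONEYPOT ct state new counter log prefix "HP-IN "
        iifname $WAN oifname $HP_IF ip daddr $HONEYPOT accept

        # OUTBOUND replies (honeypot -> Internet)
        # Only packets that belong to a connection opened from the Internet
        # side may leave, so the decoy keeps answering the intruder.
        iifname $HP_IF oifname $WAN ip saddr $HONEYPOT ct state established,related accept

        # OUTBOUND new connections (honeypot -> anywhere)
        # A normal firewall would usually allow these. Here they are the
        # restricted direction: the decoy has no reason to initiate traffic,
        # so each attempt is counted, logged as an alert, and dropped.
        iifname $HP_IF ct state new counter log prefix "HP-OUT-BLOCKED " drop
    }
}
```

Every "HP-OUT-BLOCKED" log line marks a point where the honeypot tried to open a connection of its own, which is the event an administrator monitoring the decoy would want to be alerted on.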