Another new, but controversial, network monitoring tool is the honeypot or honeynet. These programs let you monitor your system for attacks by presenting a target machine intended to lure attackers in. The attacker will spend time trying to break into the decoy system, which has been set up to monitor the attacker's activity and then block their access at a specific time. The benefit of honeypots is that they are designed to look like real servers and will often include files or databases set up to appear to be sensitive information. These machines can also provide early identification that your system is being probed or your network enumerated: no one should ever legitimately try to access the system, since it won't have production data or services set up, only the illusion of them.
We will not go into honeypots or honeynets in this book, as there are some legal liabilities you assume when running these systems. This type of software should never be run on real production systems and shouldn't be arbitrarily set up. These machines are meant to be attacked, and improper setup could have very negative effects. More information on these programs is available at http://www.tracking-hackers.com/papers/honeypots.html.
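The early-identification point above reduces to a simple rule: since nothing legitimate talks to the decoy, every logged connection to it is an alert, and the production hosts the same source touched deserve a closer look. The following Python is an added example, not code from this book; the decoy address, the log format, and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the decoy's address. No production service lives here.
DECOY_ADDRS = {ipaddress.ip_address("10.0.5.250")}

# Constructed sample connection log: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.1.15 10.0.5.10 443
2024-05-01T10:00:07Z 192.0.2.44 10.0.5.250 22
2024-05-01T10:00:08Z 192.0.2.44 10.0.5.250 445
2024-05-01T10:00:09Z 192.0.2.44 10.0.5.10 445
not a log line
2024-05-01T10:02:30Z 10.0.1.15 10.0.5.11 80
2024-05-01T10:03:00Z 198.51.100.7 10.0.5.250 3389
"""

def parse_line(line):
    """Return (timestamp, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def decoy_alerts(log_text, decoys=DECOY_ADDRS):
    """Map each source that contacted a decoy to when it was first seen,
    which decoy ports it tried, and which non-decoy hosts it also reached."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    hits = defaultdict(lambda: {"first_seen": None, "decoy_ports": set(), "other_hosts": set()})
    for ts, src, dst, port in records:
        if dst in decoys:  # any contact with the decoy is suspicious by definition
            entry = hits[str(src)]
            entry["first_seen"] = entry["first_seen"] or ts
            entry["decoy_ports"].add(port)
    for ts, src, dst, port in records:
        if str(src) in hits and dst not in decoys:
            hits[str(src)]["other_hosts"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for src, info in decoy_alerts(SAMPLE_LOG).items():
        print(src, info)
```
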