
What is a Network Honeypot?


Article ID: KB4803 KB Last Updated: 29 Nov 2012 Version: 6.0
Summary:

What is a Network Honeypot?

Symptoms:


 

Cause:
 
Solution:

A network honeypot is designed to capture extensive information on threats or attacks. The NetScreen IDP simulates an application server service on the network. The impersonated service is intended to entice attacks on these non-existent application servers. The IDP administrator can configure a network honeypot to monitor or block connections and attacks on these fake services.

A network honeypot appears to the hacker to be a real server when in reality, the honeypot contains only fake information. The goal of a network honeypot is to attract hackers’ attention. If you monitor the honeypot for suspicious activity, you might detect hackers before they explore your real servers.

Note that you must monitor the logs on a honeypot. The honeypot responds with SYN/ACK packets to any TCP SYN requests it receives. Hackers then assume that those ports are open and decide to probe them further. The IDP sensor does not perform any further protocol emulation other than replying to the SYN packet.

If you configure the IDP sensor as a honeypot, you can potentially detect slow port scans and identify potential attackers.

Note: Detection occurs only when the attacker attempts to connect to the service.
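The following added example (not Juniper code) shows why honeypot logs expose a slow port scan that a rate-based threshold misses. The log format, field names and function names are assumptions made for illustration, not the IDP's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (NOT the IDP log format): one line per TCP SYN
# answered by a fake service. 203.0.113.7 probes one port every ~9 hours.
SAMPLE_LOG = """\
2012-11-01T03:12:45 src=203.0.113.7 dport=21
2012-11-01T09:40:02 src=198.51.100.23 dport=80
2012-11-01T12:30:10 src=203.0.113.7 dport=23
2012-11-01T21:05:33 src=203.0.113.7 dport=25
2012-11-02T06:47:19 src=203.0.113.7 dport=110
2012-11-02T15:58:51 src=203.0.113.7 dport=3389
"""

def parse(log):
    """Yield (timestamp, source IP, destination port) for each record."""
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, src, dport = line.split()
        yield (datetime.fromisoformat(stamp), src.split("=", 1)[1],
               int(dport.split("=", 1)[1]))

def rate_based_scanners(events, window=timedelta(minutes=1), min_ports=3):
    """Classic threshold: distinct ports hit by one source in a short window."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged.add(src)
    return flagged

def honeypot_scanners(events, min_ports=3):
    """Honeypot view: no time window, since nothing legitimate is expected
    to connect to a non-existent service. Group distinct ports per source."""
    ports = defaultdict(set)
    for _, src, port in events:
        ports[src].add(port)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("rate-based:", rate_based_scanners(events))
    print("honeypot:  ", honeypot_scanners(events))
```

Because the fake services receive no legitimate traffic, the honeypot check can drop the time window entirely, which is what makes a scan spread over days visible.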
