[Question] Honeypot

[RoboKomodo]

Someone I know recently mentioned to me honeypot.com.
Now, I know what a honeypot is, but he said something about an IP address being flagged X number of times at honeypot.com. What does that mean? Does it mean anything at all or was he just blowing smoke out his ass?

 

[Bowielee]

Google shows it as some sort of internet security site.

The only definition of honeypot I'd ever heard before this is slang for a woman's nethers.

 

[PatrThom]

A "honeypot" is a website or server specifically crafted to trap spammers/fraudsters/etc. For instance, you can add code to your website which generates hundreds of fake email addresses to fool bots which scrape email addresses. Companies like Symantec will set up ordinary machines (or virtual machines) and leave them connected to the Internet in the hopes that they will "catch" some undiscovered worm or virus so it can be studied.

The idea is that you are setting up an attractive target which in reality is just there to trap the evildoer, sort of like a sundew plant.

--Patrick

 

[strawman]

Some honeypots are designed in such a way that normal humans wouldn't trigger the honeypot routines. They have tricks and traps that only web crawlers would follow. Therefore, if something is setting off the traps, they are defined as a threat, and they keep track of the IP address and other information to try and characterize the threat or attacker.

They then distribute this list of, among other things, ip addresses so that ISPs can configure their routers to block packets matching that ip and other characteristics.

There are hundreds of different types of honeypots, this is just one way one type of honeypot developed to counter Internet threats.