You are probably familiar with the term hacking. On the web, attackers send malicious requests to try to take down servers. They attempt many kinds of attacks, and honeypot servers are one way to analyze their attack patterns.
What is a honeypot server?
Honeypot servers are servers to which you forward malicious requests so that you can record those requests and analyze them for patterns. The attackers don't know that they are sending their traffic to a honeypot, which hands their data to the defenders. Using this data, attack patterns and methodologies are analyzed, and steps are then taken to cope with them. Below is an architecture showing where honeypot servers fit into your infrastructure.
As you can see, traffic has to be identified at the load balancer level and then sent to the honeypot servers. There are many other implementation and deployment strategies, depending on your infrastructure.
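One way to make the identification step at the load balancer concrete, as an added example that is not code from the original article: a per-IP sliding-window counter that picks the backend pool, using request rate as the signal. The class name, thresholds, sticky period and sample IPs are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; tune them to your own traffic baseline.
WINDOW_SECONDS = 10    # sliding window length
MAX_REQUESTS = 20      # requests allowed per source IP per window
STICKY_SECONDS = 300   # keep a flagged IP on the honeypot this long

class HoneypotRouter:
    """Chooses a backend pool per request from the per-IP request rate."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS,
                 sticky=STICKY_SECONDS):
        self.window, self.limit, self.sticky = window, limit, sticky
        self.hits = defaultdict(deque)  # ip -> timestamps inside the window
        self.flagged_until = {}         # ip -> time honeypot routing ends

    def route(self, ip, now):
        """Return 'honeypot' or 'app' for a request from ip at time now (s)."""
        hits = self.hits[ip]
        hits.append(now)
        # Drop timestamps that have fallen out of the sliding window.
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        if len(hits) > self.limit:
            # Over the limit: (re)start the sticky period so the source does
            # not flip back to production when its rate dips briefly.
            self.flagged_until[ip] = now + self.sticky
        if self.flagged_until.get(ip, 0) > now:
            return "honeypot"
        self.flagged_until.pop(ip, None)
        return "app"

def replay(requests, router=None):
    """Route (timestamp, ip) pairs in order; return (ts, ip, backend) rows."""
    router = router or HoneypotRouter()
    return [(ts, ip, router.route(ip, ts)) for ts, ip in requests]

# Constructed sample traffic (documentation-range IPs, not real hosts).
SAMPLE = (
    [(t, "198.51.100.7") for t in range(0, 60, 5)]     # 1 request per 5 s
    + [(i * 0.1, "203.0.113.50") for i in range(40)]   # 10 requests per s
    + [(30.0, "203.0.113.50")]                         # same source, later
)

if __name__ == "__main__":
    for ts, ip, backend in replay(sorted(SAMPLE)):
        print(f"{ts:6.1f}s {ip:15s} -> {backend}")
```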
Honeypot servers are sometimes made weak in terms of security so that they can lure the attackers and help the analyst get the data they need.
These were the very basics of honeypots; you can read more about them on the internet.
3 COMMENTS
What kind of algorithm needs to be run in the load balancer to differentiate actual and malicious traffic?
Well, it depends on what you need to catch. For the simplest example, you can see rate limiting on a DDoS attack. Whenever you see huge traffic coming from certain IPs, you can route them to honeypots.
Can you write one example route for that?