Honeypot Design


Honeypot Design - Information Camouflage

I've run various honeypots for a long time. I ran a WordPress honeypot off and on from 2013 to 2018. I've run endlessh on my home server for years. Before that, I ran the cowrie ssh/telnet honey pot for a while.

Currently, this website runs a fake WordPress login that tells you that you've used the wrong password after a 5 second delay. Feel free to try it. This website's contact page does nothing but waste spammers' time and effort.

I believe that everyone who has the ability and resources to run honey pots should run one or more. I believe that if a significant fraction of all attempts to scan or otherwise abuse internet services were met with a time-wasting, or otherwise abusive or irritating honey pot, scanners and internet bottom feeders would be discouraged, and abandon their low-level criminal behavior. High-level grey area behavior, like AI companies scraping the entire web every 10 or 12 hours whether it's changed or not, would also be inhibited. There's also the vigilante thrill of punishing bad internet behavior yourself. Beyond the slight moral obligation to deter lowlifes by running honey pots, I believe those with the ability should write their own. An overwhelming number of idiosyncratically behaving false services is an insurmountable barrier even to "hyperscaler" corporations.

What should someone designing a honeypot think about? Are there any considerations such a person should take into account? Based on the above experience with various honey pots, I wrote the following design considerations. I'm only numbering these to be able to refer back to them later. My numbering is not meant to be a prioritization.

Minimize your own resource consumption; eliminate resource exhaustion of your own systems.

Maximize attacker's resource consumption

Reserve attacker resources if protocol allows

Send malformed or inappropriate responses

Mimic an existing (real, functional) server as closely as possible

Log as much as possible, even malformed data, or data outside the protocol in question.

Avoid collateral damage

Packet-level attribution is sometimes impossible (i.e. UDP services)

Avoid mirror amplification attacks

Be attractive to attackers

Maximizing the attacker's resource consumption might be in direct opposition to minimizing your own resource consumption, or to mimicking existing software. If you want to jerk attackers around, you may not be able to mimic existing software very well. The choices made depend on what goals you've got. Tension between considerations exists, and I think tensions can only be resolved in practice, by experience, not in up-front design.

Resolving the tensions in requirements and desires lies at the heart of designing and writing any complicated software system, but honey pots go beyond that. What your software initially does can teach you more about attackers' behavior, motivating you to rewrite. Running honey pot software requires ongoing updates, and has similarities to an arms race.
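The following is an added sketch, not the author's code, of how three of the considerations above can coexist in a fake login like the one this site is described as running: the honeypot's own cost is bounded (connection cap, read limit, read timeout, bounded log), the client is made to wait, and whatever bytes arrive are logged unparsed. The class name, constants and response body are assumptions chosen for illustration.

```python
import asyncio, collections, time

MAX_CONNS = 64       # assumed cap: beyond this we shed load instead of queueing it
MAX_REQUEST = 8192   # never buffer more than this many bytes from one client
READ_TIMEOUT = 10.0  # seconds a silent client may hold a slot
DELAY = 5.0          # seconds the client waits for its "wrong password" page
BODY = b"<p><strong>Error:</strong> The password you entered is incorrect.</p>"  # constructed
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(BODY)) + BODY

class FakeLogin:
    def __init__(self, delay=DELAY, max_conns=MAX_CONNS):
        self.delay, self.max_conns, self.active = delay, max_conns, 0
        # Bounded in-memory log of (time, peer, raw bytes); a real one would append to disk.
        self.log = collections.deque(maxlen=10000)

    async def handle(self, reader, writer):
        peer = writer.get_extra_info("peername")
        if self.active >= self.max_conns:
            self.log.append((time.time(), peer, None))  # None marks a shed connection
            writer.close()
            return
        self.active += 1
        try:
            try:
                raw = await asyncio.wait_for(reader.read(MAX_REQUEST), READ_TIMEOUT)
            except asyncio.TimeoutError:
                raw = b""
            # Log the bytes exactly as received, whether or not they parse as HTTP.
            self.log.append((time.time(), peer, raw))
            await asyncio.sleep(self.delay)  # the client waits; we hold only a timer
            writer.write(RESPONSE)
            await writer.drain()
        except OSError:
            pass  # client hung up first; nothing to do
        finally:
            self.active -= 1
            writer.close()

async def serve(host="127.0.0.1", port=8080):
    server = await asyncio.start_server(FakeLogin().handle, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(serve())
```

Each waiting client costs one suspended coroutine and one socket, so the delay is cheap for the server; the connection cap is what keeps that cost from growing without limit.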

Bibliography

Weirdly, the internet is somewhat short on this topic. All I could find was a couple of out-of-print books, and some maybe "predatory journal" papers.

Lance Spitzner, Addison-Wesley, 2002, Honeypots: tracking hackers

Mohammed Mohssen, CRC Press, 2016, Honeypots and routers : collecting internet attacks

Enrico Cambiaso and Luca Caviglione, Scamming the Scammers: Using ChatGPT to Reply Mails for Wasting Time and Resources, PDF

Neha Titarmare, Nayankumar Hargule, Anand Gupta, An Overview of Honeypot Systems, PDF

Zeenat Nisa, Honeypots: Concepts, Types and Challenges, PDF

Abe Hayat Khan, Waseem Ullah Khan, Ilham Hamid, Arbab Waseem Abbas, Muhammad Hassaan Chaudhry, and Noor Ul Arfeen, Analysis and Implementation of Honeypot Framework for Enhancing Network Security, PDF

Tian Bin, Changhong Yu, Study on Application and Design of Honeypot Technology, PDF

Dr Balaji k, Yashaswini G T, Rakshita Itagi, Sahana L, Shreya Ravi Shastri, HONEYPOT IN NETWORK SECURITY, PDF. This one is from the International Journal of Creative Research Thoughts, which is definitely predatory.

About Bruce Ediger
