1- Honeybot: Some call it a honeycomb, others a trap, and there are countless other names, but they all serve the same purpose: protecting your system or service.
For example, we'll discuss the Honeybot process on a service with an open SSH port for shell execution, sharing, and other functions.
The idea behind it: This honeybot makes the server appear very weak, as if it's riddled with vulnerabilities. However, it's actually an isolated environment, completely disconnected from the system – a form of sandboxing – to trick the attacker into thinking the server is vulnerable.
How it works: Honeybots operate in various ways, but we'll focus on the most important type: the type that gathers information about the hacker. How does this happen?
It works through what's called an Epport (Electronic Random Port), which is opened between you and the server to transfer information or data. Once this port is closed, what happens? Your server will disconnect.
Example: A hacker enters the trap. This trap contains fake information and data to deceive the hacker while it gathers information. For example, if the hacker pulls this data, you will then corrupt this data and let the hacker open it. This could allow you to gain access to it or gather information about it.
In short: Instead of trying to defend against and stop the hacker, turn your efforts into gathering information about the intruder.
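As an added illustration (not code from the original post), here is a minimal decoy listener in Python: it shows an SSH-style banner, never offers a real shell, and records each visitor's source IP, source port and client identification string. The banner text, the function names and the loopback self-test are assumptions made for this example.

```python
import json
import socket
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"  # constructed decoy banner (assumption)

def record_visit(conn, addr, log):
    """Send the decoy banner, read the client's identification line, log both ends."""
    event = {"time": datetime.now(timezone.utc).isoformat(),
             "src_ip": addr[0],
             "src_port": addr[1],  # the client's short-lived source port
             "client_banner": None}
    conn.settimeout(3)  # a silent client cannot hold the decoy open
    try:
        conn.sendall(FAKE_BANNER)
        line = conn.recv(255).split(b"\n", 1)[0].strip()
        event["client_banner"] = line.decode("ascii", "replace")
    except OSError:
        pass  # visitor hung up or timed out; the connection is still recorded
    finally:
        conn.close()  # no shell, no login: the session ends here
    log.append(event)
    return event

def serve(srv, log, max_conns=None):
    """Accept visitors one at a time; max_conns=None runs until stopped."""
    handled = 0
    while max_conns is None or handled < max_conns:
        record_visit(*srv.accept(), log)
        handled += 1

def demo():
    """Constructed self-test: a local client stands in for the visitor."""
    # Port 0 lets the OS pick a free port on loopback.
    log, srv = [], socket.create_server(("127.0.0.1", 0))
    worker = threading.Thread(target=serve, args=(srv, log, 1))
    worker.start()
    with socket.create_connection(srv.getsockname()) as client:
        banner = client.recv(64)
        client.sendall(b"SSH-2.0-constructed_client_1.0\r\n")
        client_port = client.getsockname()[1]
    worker.join()
    srv.close()
    return banner, client_port, log

if __name__ == "__main__":
    print(json.dumps(demo()[2], indent=2))
```

Run it only inside the isolated environment the post describes, and ship the log to a separate host so the records survive if the decoy is tampered with.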