Honeypots and Honeynets
Read this brief article to understand how a honeynet is configured. What is the difference between a honeypot and a honeynet? What is the purpose of a honeynet?
A botnet is a jargon term for a network of computers under a central control point, often called a 'herder' (recently implementations of botnets are evolving toward a distributed control system). All the bots in the network are expected to work together over the Internet toward a single goal or task. Coordination is often established by using IRC or similar anonymous and high tragic systems (hence hampering detection). The word usually possesses negative connotations, but there are distributed online computing projects which are not necessarily malicious that can also fit the definition. Individual machines which are part of a botnet, or the scripts that are running on those machines are often referred to as 'zombies'. Botnets are capable of distributing large amounts of spam or denial of service attacks and are difficult to track down because they are not centralized' however, most botnets are not redundant and if one machine is discovered the entire net can usually be shut down. Wikipedia: Botnet
Some botnets are very large in scale and some experts believe that they will begin to cause large-scale problems if they are not combated. BBC article: "Criminals 'may overwhelm the web'" by Tim Weber
The individual machines that make up a honeynet are known as honeypots. Honeynets are groups of machines that are set up with the intention of attracting traffic from malicious or illegitimate activity. They are networks or individual computers set up only with apparent informational or production value, (basically a regular, benign user would have no reason or even ability to gain access to them, but would be easily accessible or attractive to malignity) and thusly it is assumed that all traffic they receive is not from benign sources. By setting up these honeynets as attractive targets for attack, such as weakly protected networks or spam traps, but actually firewalling or otherwise isolating them from real targets, and monitoring activity of connections, it is possible to gain information about botnets and other malicious activity.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.