Honeynets & Honeypots
How does the Honeynet system operate?
Honeypots are well-placed, vulnerable systems that distract an attacker or enemy from the actual target. By particularly attractive appearances the attacker is lured from the main target in a different direction and by a first "contact" the alarm is triggered in honeynet!
Any traffic to or from the network is suspected by definition, since this is not a productive network. This means, that the Honeypot services are not services offered by the user or his communication partners and are therefore never addressed in normal operation.
The attacker is not able to distinguish between productive systems and honeypots. He is scanning all network components for vulnerabilities - so sooner or later he will use the service offered by a honeypot. The above mentioned contact is logged and an alarm is triggered.
The concept that the network has no productive traffic makes it easier4 to collect and analyze data.