One of the things that continues to grow in popularity is the deployment of honeypots and decoys on networks. Therefore, we want to deploy these in our architecture so that we can see how they react and what indications we can use to identify them when we encounter them.

There are a number of different honeypots that we might encounter, so we need to look at the characteristics that they exhibit. The best way to think of these is that there will be a number of ports that are shown as open; however, when you connect to them, they will not respond as expected.

The first honeypot that we will look at was created by Marcus Ranum many years ago when the Back Orifice tool was infecting machines around the Internet. The ...