Honeypot


Definition

A decoy system or network resource designed to attract and trap attackers, letting defenders study attack methods and divert threats away from production assets. Honeypots provide early warning of intrusion attempts.

Low-Interaction vs. High-Interaction Honeypots

A honeypot is a deliberately vulnerable decoy system designed to attract attackers and study their behavior. Low-interaction honeypots emulate services (a fake SSH or HTTP listener) with minimal code: they capture credentials and payloads without exposing a real, exploitable service. High-interaction honeypots run full operating systems with real services, collecting richer intelligence at the cost of greater complexity and containment risk.
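The following is an added example, not code from the original page: a minimal low-interaction sensor that speaks just enough of an FTP-like dialogue to harvest a login attempt, rejects every credential, and emits one JSON record per session. The banner text, port 2121, the event field names and the `ftp-lowint` sensor label are assumptions made for this example.

```python
import json
import socketserver
import time

# Constructed banner for the emulated service; no real FTP server runs behind it.
BANNER = b"220 ftp01.corp.example FTP server ready\r\n"
MAX_CAPTURE = 4096  # stop reading after this many bytes per session


def parse_ftp_login(stream: bytes):
    """Pull the last USER and PASS arguments out of a captured command stream."""
    user = password = None
    for raw in stream.splitlines():
        parts = raw.strip().split(b" ", 1)
        cmd = parts[0].upper()
        arg = parts[1].decode("utf-8", "replace") if len(parts) > 1 else ""
        if cmd == b"USER":
            user = arg
        elif cmd == b"PASS":
            password = arg
    return user, password


def build_event(peer, stream: bytes, ts=None) -> dict:
    """Structured, JSON-friendly log record for one honeypot session."""
    user, password = parse_ftp_login(stream)
    return {
        "ts": ts if ts is not None else time.time(),
        "sensor": "ftp-lowint",  # assumed sensor name
        "src_ip": peer[0],
        "src_port": peer[1],
        "username": user,
        "password": password,
        "bytes_captured": len(stream),
    }


class FakeFtpHandler(socketserver.StreamRequestHandler):
    """Answers like an FTP server just long enough to capture a login attempt."""

    timeout = 15  # seconds of idle time before the session is dropped

    def handle(self):
        captured = b""
        try:
            self.wfile.write(BANNER)
            while len(captured) < MAX_CAPTURE:
                line = self.rfile.readline(MAX_CAPTURE)
                if not line:
                    break
                captured += line
                cmd = line.strip().split(b" ", 1)[0].upper()
                if cmd == b"USER":
                    self.wfile.write(b"331 Password required\r\n")
                elif cmd == b"PASS":
                    # Every credential is rejected: nothing here ever "logs in".
                    self.wfile.write(b"530 Login incorrect\r\n")
                    break
                elif cmd == b"QUIT":
                    self.wfile.write(b"221 Goodbye\r\n")
                    break
                else:
                    self.wfile.write(b"530 Please login with USER and PASS\r\n")
        except OSError:
            # Covers socket timeouts and peers that disconnect mid-session.
            pass
        # One JSON line per session; in practice ship this to the SIEM.
        print(json.dumps(build_event(self.client_address, captured)))


def serve(bind="0.0.0.0", port=2121):
    """Run the sensor on an unprivileged port so no root is needed."""
    with socketserver.ThreadingTCPServer((bind, port), FakeFtpHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

The session logic is kept out of the socket code (`parse_ftp_login`, `build_event`) so it can be tested on captured byte streams without a listener. Because the emulation is shallow, a careful attacker can fingerprint it; that is the trade-off the text describes, and it is why such sensors are valued for early warning rather than for deep intelligence.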

Honeynets and Canary Tokens

A honeynet is a network of honeypots that simulates an entire enterprise segment; because it serves no legitimate purpose, any traffic entering it is inherently suspicious. Canary tokens are a lightweight variant: a fake file, URL, or DNS hostname that fires an alert the moment anyone accesses it. A canary DNS query from an unexpected IP is a high-fidelity ransomware or insider threat signal.

Operational Considerations

Honeypots must be isolated from production infrastructure: a compromised high-interaction honeypot can be used as a pivot into real systems. Legal considerations apply; capturing attacker keystrokes may constitute interception in some jurisdictions. Penetration testing teams use internal honeypots (for example, fake database credentials in config files) during red team exercises to test whether blue team detection logic fires. IP Lookup can geolocate and enrich attacker IPs captured in honeypot logs for threat intelligence reporting.
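The canary DNS query described under "Honeynets and Canary Tokens" and the planted fake database credentials mentioned above are the same detection idea: an indicator nobody has a legitimate reason to touch. The following is an added example, not code from the original page, that runs that check over constructed resolver and database-auth log lines. The canary hostname, the `svc_backup_ro` username, the allow-listed verifier host 10.0.0.5 and both log formats are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed canary registry (not real tokens): each indicator maps to where
# it was planted, so an alert tells the responder which decoy was touched.
CANARY_DNS_NAMES = {
    "canary-7f3a.example.internal": "hostname inside a decoy 'backup-servers.txt'",
}
CANARY_DB_USERS = {
    "svc_backup_ro": "fake credential planted in a decoy app config file",
}
# Sources permitted to touch a canary, e.g. the host that verifies tokens still fire.
ALLOWED_SOURCES = {"10.0.0.5"}

# Constructed log formats (assumption): a resolver query log and a DB auth log.
DNS_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)
DB_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) db-auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)"
)


@dataclass
class Alert:
    kind: str
    ts: str
    src: str
    indicator: str
    planted_at: str


def match_canary_name(qname: str) -> Optional[str]:
    """Return the canary a query name hits, including any sub-label of it."""
    q = qname.rstrip(".").lower()
    for name in CANARY_DNS_NAMES:
        if q == name or q.endswith("." + name):
            return name
    return None


def check_line(line: str) -> Optional[Alert]:
    """Turn one log line into an Alert if it touches a canary from an unexpected source."""
    m = DNS_LINE.match(line)
    if m:
        hit = match_canary_name(m["qname"])
        if hit and m["src"] not in ALLOWED_SOURCES:
            return Alert("canary_dns", m["ts"], m["src"], hit, CANARY_DNS_NAMES[hit])
        return None
    m = DB_LINE.match(line)
    if m and m["user"] in CANARY_DB_USERS and m["src"] not in ALLOWED_SOURCES:
        # Any attempt counts, failed or not: the credential has no legitimate user.
        return Alert("canary_db", m["ts"], m["src"], m["user"], CANARY_DB_USERS[m["user"]])
    return None


def scan(lines: Iterable[str]) -> List[Alert]:
    return [a for a in map(check_line, lines) if a is not None]


# Constructed sample log lines for this example.
SAMPLE_LOG = [
    "2024-03-01 10:15:32 client 10.0.0.5#51234: query: canary-7f3a.example.internal IN A +",
    "2024-03-01 10:16:01 client 203.0.113.7#40001: query: www.example.internal IN A +",
    "2024-03-01 10:16:44 client 10.0.3.21#53311: query: canary-7f3a.example.internal. IN TXT +",
    "2024-03-01 10:17:05 db-auth src=10.0.3.21 user=svc_backup_ro result=failed",
    "2024-03-01 10:17:06 db-auth src=10.0.0.9 user=app_rw result=ok",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a.kind} ts={a.ts} src={a.src} indicator={a.indicator} ({a.planted_at})")
```

Two design points: the verifier host is allow-listed so routine token checks do not page anyone, and a database login with the canary username is reported whether or not it succeeded, since the mere attempt proves the decoy config file was read. On the sample data the first line is the allow-listed verifier and produces nothing; the third and fourth lines both alert and share the source 10.0.3.21, which is exactly the correlation an analyst wants to see.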
