Honeypots

pacbowl

Quick question. I know what honeypot servers are. What I'm wondering is how exactly do you make them more enticing than your regular server or what would you do to them that they attract more network attention than your regular DB server.

Doc

Put them outside of any firewall, with easy passwords for dictionary attacks or guesses to get. Having as many responsive ports as possible helps.

vonPoonBurGer

Having a DNS record that resolves to the honeypot's IP might help, but in most cases it'll be found using a network scanner like Nmap. If you look at that or similar tools, you'll see that they have multiple methods of detecting live hosts on a network. Beyond straight ping, there are a number of more exotic ways to determine whether or not there is a live system at a given network address. A good honeypot would respond to most or all of those methods, so no matter what type of scan is used, your honeypot shows up. Once it's been found, you're going to want it set up in the manner Doc described so that they're enticed to try cracking the system. Lots of open ports, old versions of server software that have known exploits, lack of security patches plugging OS security holes, etc.

supabeast

Make it part of a server farm for political blogs.