What is a honeypot? How it can lure cyberattackers

May 26, 2020

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply

If you’ve ever wondered how the good guys on the internet go after the bad guys, one way is something called a honeypot. You see, in addition to the security measures you might expect, such as strengthening a computer network to keep cybercriminals out, the good guys use a honeypot to do just the opposite — attract the bad guys.

A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate.

You may not have heard of them before, but honeypots have been around for decades. The principle behind them is simple: Don’t go looking for attackers. Prepare something that would attract their interest — the honeypot — and then wait for the attackers to show up.

Like mice to cheese-baited mousetraps, cybercriminals are attracted to honeypots — not because they’re honeypots. The bad guys think the honeypot is a legitimate target, something worthy of their time. That’s because the bait includes applications and data that simulate a real computer system.

What is the difference between black, white and grey hat hackers?

Not all hackers are inherently bad. When used in mainstream media, the word, hacker, is usually used in relation to cyber criminals, but a hacker can actually be anyone, regardless of their...

How do honeypots work?

If you, for instance, were in charge of IT security for a bank, you might set up a honeypot system that, to outsiders, looks like the bank’s network. The same goes for those in charge of — or researching — other types of secure, internet-connected systems.

By monitoring traffic to such systems, you can better understand where cybercriminals are coming from, how they operate, and what they want. More importantly, you can determine which security measures you have in place are working — and which ones may need improvement.

Honeypot example

In 2015, internet security experts set up an online railway control system as honeypot bait. The goal was to study how criminals would attack projects where they could put the public at risk. In this case, the only damage done was to a model train set at a German technology conference. Over two weeks, the so-called “HoneyTrain” suffered 2.7 million attacks.

What could be at stake?

Stealing personal information from online targets is one thing. Targeting public transportation systems is another. Beyond the IoT devices and the HoneyTrain, researchers have used honeypots to expose vulnerabilities with medical devices, gas stations, industrial control systems used for such things as electrical power grids, and more.

Given all the attention that the bad guys get for their hacking and data breach efforts, it’s good to know that the good guys have a few tricks up their sleeves to help protect against cyberattacks.

As more and more devices and systems become internet-connected, the importance of battling back against those who use the internet as a weapon will only increase. Honeypots can help.

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.