Three Dead Giveaways a System is a Honeypot

Jason M. Pittman
Jul 24, 2023

I love honeypots. I love designing and coding honeypots. Even more, I love finding ways to detect honeypots. Keeping that in mind, I want to talk about the three dead giveaways a system or service is a honeypot.

To baseline, the goal of a honeypot is to blend in. We want the system or service to appear legitimate and like any other system or service of the same type, protocol, and so forth. Doing so is easy if we use a real computer from the hardware up to the application stack. Even a virtual machine or container can truly appear legitimate. However, we run into limitations and potential issues with these types of honeypots. That’s why we turn to simulations and do our best to implement standard behaviors.

Yet with simulations there are often signs that give away a honeypot's true nature. Here are three potential giveaways that a system might be a honeypot:

  1. Too Many Vulnerabilities: While honeypots are designed to appear vulnerable to attract attackers, a system that has too many vulnerabilities, especially outdated or uncommon ones, can be a red flag. Experienced attackers know that real systems are usually patched regularly and uncommon vulnerabilities are fixed, so a system with many known vulnerabilities can seem suspicious.
  2. Lack of Regular User Activity: Real systems usually have regular user…
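
For honeypot designers, the first giveaway can be checked against an emulated service profile before deployment. The Python below is an added example, not code from the article or its author; the service names, dates and thresholds (`max_vulnerable`, `max_age_years`) are constructed assumptions, and the "inconsistent" rule is one reading of "real systems are usually patched regularly".

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Service:
    name: str
    released: date                             # release date of the advertised version
    vulns: list = field(default_factory=list)  # disclosure dates of flaws it exposes

def audit_profile(services, today, max_vulnerable=2, max_age_years=5):
    """Return (rule, service) findings for an emulated service profile.

    Both thresholds are assumed defaults, not values from the article.
    """
    findings = []
    vulnerable = [s for s in services if s.vulns]
    # Giveaway 1: too many services expose known flaws at once.
    if len(vulnerable) > max_vulnerable:
        findings.append(("too-many", "*"))
    for s in vulnerable:
        oldest = min(s.vulns)
        # Outdated flaw: a regularly patched host would have fixed it long ago.
        if (today - oldest).days > max_age_years * 365:
            findings.append(("outdated", s.name))
        # Inconsistent: another service was updated after this flaw was
        # disclosed, so someone maintained the host yet left the flaw open.
        if any(o.released > oldest for o in services if o is not s):
            findings.append(("inconsistent", s.name))
    return findings

# Constructed sample profiles (hypothetical service names, made-up dates).
TODAY = date(2023, 7, 24)
NOISY = [
    Service("ssh-sim", date(2023, 3, 1)),
    Service("ftp-sim", date(2011, 6, 1), [date(2011, 7, 1)]),
    Service("http-sim", date(2013, 1, 1), [date(2014, 4, 1), date(2017, 9, 1)]),
    Service("smb-sim", date(2016, 1, 1), [date(2017, 3, 1)]),
]
PLAUSIBLE = [
    Service("ssh-sim", date(2022, 10, 1)),
    Service("http-sim", date(2022, 11, 1), [date(2023, 2, 1)]),
]

if __name__ == "__main__":
    for label, profile in (("noisy", NOISY), ("plausible", PLAUSIBLE)):
        print(label, audit_profile(profile, TODAY))
```

An empty result means the profile passes these three checks only; it says nothing about the other giveaways.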
