Contributed by Alberto Gonzalez and Jason Larsen
Honeypots are a hot topic in the security research community right now. Everyone is starting up their own honeypot system. While most of the current literature on them deals with the potential gains a honeypot can give you and how to monitor one, very little of it deals with the mechanics of honeypots themselves.
Most honeypots are deployed from spare parts. Many start as just an extra box someone has lying around. A security-savvy technician has slapped an OS on it, checksummed all the files, installed an IDS, and set about waiting for the hackers to arrive. These haphazard honeypots ignore some of the most interesting capabilities of honeypots. Honeypots can be used to ensnare and beguile potential hackers, entice them to give you more research information, and actively defend a production network.