
    Understanding the Network Honeypot Rulebase

    The Network Honeypot rulebase is used to detect reconnaissance activities.

    A network honeypot is an apparently vulnerable system that draws the attention and action of attackers. In an IDP network honeypot, the IDP Series device impersonates ports on protected servers.

    When you create rules for the Network Honeypot rulebase, you specify:

    • A destination/service match condition
    • Operation mode
    • Response options
    • Notification options

    Note: The IDP Series device drops MPLS traffic that matches a Network Honeypot rule. When the IDP engine processes MPLS traffic, it stores the MPLS label information. It stores separate labels for client-to-server and server-to-client communication. In the case of traffic that matches Network Honeypot rules, there is no genuine server-to-client communication, so the IDP engine does not have server-to-client MPLS label information. Therefore, the impersonation operation cannot be supported for MPLS traffic.

    Published: 2011-02-08