Honeypots are decoys. They mimic vulnerable services (e.g., an open port 22 running a fake SSH server). The goal is to lure attackers away from real assets and study their behavior. Touching a honeypot triggers immediate alarms.
Let’s simulate a stealthy penetration test against a target network that has a firewall, Snort IDS, and a possible honeypot. Honeypots are decoys
The first challenge lay in evading the IDS. Alex knew that these systems monitored network traffic for signs of malicious activity, so they opted for a stealthy approach. They used a technique called " fragmentation" to break down their packets into smaller, seemingly innocuous pieces. This made it difficult for the IDS to detect the malicious traffic, as it appeared to be just a series of harmless packets. Touching a honeypot triggers immediate alarms
Loud scans (like a full port scan) are the number one reason ethical hackers get caught. The IDS sees 1,000 connection attempts in 2 seconds and screams. Alex knew that these systems monitored network traffic