A honeypot is a single machine set up to simulate a valuable server or even an entire sub network. The idea is to make the honeypot so attractive that if a hacker breaches the network’s security, to be attracted to the honeypot rather than to the real system. Software can closely monitor everything that happens on that system, enabling tracking and perhaps identification of the intruder.
The underlying premise of the honeypot is that any traffic to the honeypot machine to be considered suspicious. Because the honeypot is not a real machine, no legitimate users should have a reason to connect to it. Therefore, anyone attempting to connect to that machine can be considered a possible intruder. The honeypot system can entice him to stay connected long enough to trace where is connecting from.
Figure Illustrates the honeypot concept:
Also See : What is Denial of Service Attacks (DoS)?