Honeypots are nothing more than devices that are designed to emulate a host or a network so that you can let the bad guys in and track what they're doing. A honeypot is a very, very common tool used by IT security professionals whenever they're worried about somebody coming in. The whole idea of a honeypot is to emulate services that you would find on a typical host. For example, a honeypot would emulate a web server, a honeypot could emulate an FTP server, a honeypot can emulate a DNS server; it will emulate most any server that you want. The trick about honeypots is that not only will they emulate it, but they will also log literally everything that's typed, so that you can keep track and see what bad guys are trying to do.
Now, there are lots of different honeypots out there. There are honeypots that are incredibly powerful and sophisticated and expensive. Or you can do like I'm doing here. Here's a wonderful free one called honeypot that I've actually got up and running right now, and I put it on my system right here. Now, unlike a real honeypot, what I've done is I've asked people around my office (this is internal) to start trying to open up web browsers or FTP clients or email or any kind of thing, to see what happens when they approach the system. And if you take a look, we've actually got quite a few people coming in. Now, here's what's important, and this is honeypot, by the way.
If you look at what ports are coming in: port 80, that's HTTP; port 22, that's SSH. We've got some DNS stuff coming in there, DHCP stuff rather. We've got 21, FTP. We've got all kinds of stuff going on. The problem with these honeypots is that, for example, it's going to emulate a web server, but it doesn't emulate a very good web server.
So when people are logging in to this particular IP address, when they go into their browsers, they see just an ugly little under construction sign like this. And hopefully that's enough to get people to think that this is actually a real website, but a lot of more sophisticated attackers would recognize that this is a honeypot pretty much instantaneously. Well, that's part of the reason why it's free, because it simply doesn't give us a lot of detail, but it doesn't matter. We'll come back in here. What really becomes important on a honeypot is the information it gives us: what port numbers people are trying to come in on. And it also gives the IP addresses. Now, you'll notice here that everybody's local, because this is an internal network.
I don't want to have a real honeypot sitting on a public network right now, because this is good enough to get you through the idea of what a honeypot does. Now, honeypots need to sit out on the public Internet. So one of the places we tend to put our honeypots, more often than not, is within the DMZ, the demilitarized zone. You might want to check other videos; we talk about DMZs quite a bit within the series. But the other important thing that the honeypot does is it logs everything. A sophisticated honeypot would log every keystroke, everything anybody's entered. And what we can do is analyze that to see what type of attacks people are doing. What commands are they typing as they're trying to get in?
And what kind of havoc are they trying to wreak? Honeypots are very popular, but in a lot of situations, attackers aren't necessarily just going for one computer. What we see more and more is that attackers are going for networks. So what we can do is actually emulate not just an individual system but a network, in what's known as a honeynet. You can get a lot of honeynets. One of the places we see honeynets a lot is on virtual systems. Somebody will create four or five virtual machines and put them all within their own little network.
Really, what they're doing is running honeynet software, watching not only individual systems but the entire network to see what bad guys are trying to do.
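
As an added example that is not part of the original video or the tool it shows, here is a minimal low-interaction honeypot in Python that does what the walkthrough describes: it emulates FTP, SSH and HTTP with fake banners and logs the source IP, the destination port and everything the client sends. The banners, the function names and the unprivileged ports 2121, 2222 and 8080 are assumptions made for the example.

```python
import asyncio
import json
import time

# Constructed banners for the services named above; none is a real product's banner.
BANNERS = {"ftp": b"220 Service ready\r\n", "ssh": b"SSH-2.0-demo_0.1\r\n", "http": b""}
HTTP_REPLY = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<h1>Under construction</h1>\r\n")

def make_handler(service, sink):
    """Return an asyncio connection callback that reports every event to sink(dict)."""
    async def handle(reader, writer):
        src_ip, src_port = writer.get_extra_info("peername")[:2]
        dst_port = writer.get_extra_info("sockname")[1]

        def record(event, data=b""):
            # latin-1 maps every byte to one character, so binary input is kept intact.
            sink({"ts": time.time(), "service": service, "src_ip": src_ip,
                  "src_port": src_port, "dst_port": dst_port,
                  "event": event, "data": data.decode("latin-1")})

        record("connect")
        try:
            writer.write(BANNERS[service])
            await writer.drain()
            while True:
                chunk = await asyncio.wait_for(reader.read(4096), timeout=30)
                if not chunk:            # peer closed the connection
                    break
                record("input", chunk)   # log everything that is typed
                if service == "http":    # answer once with the placeholder page
                    writer.write(HTTP_REPLY)
                    await writer.drain()
                    break
        except (asyncio.TimeoutError, ConnectionError):
            pass                         # idle or reset peers end the session
        finally:
            record("disconnect")
            writer.close()
    return handle

async def main(host="127.0.0.1", ports=None):
    # Unprivileged stand-ins for ports 21, 22 and 80 (assumption, avoids needing root).
    ports = ports or {2121: "ftp", 2222: "ssh", 8080: "http"}
    def sink(event):
        print(json.dumps(event), flush=True)
    servers = [await asyncio.start_server(make_handler(svc, sink), host, port)
               for port, svc in ports.items()]
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

Each event prints as one JSON line, so the port numbers and source addresses can be counted or forwarded to a log collector without further parsing.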