This section is part of the amber and green pathways.
Sometimes network administrators want to study attacks, either so the attackers’ methods can be understood more fully and countermeasures prepared, or as part of an investigation that might lead to civil or criminal prosecutions.
One method of safely studying an attack is to deflect attackers towards an isolated computer or network which appears to be completely legitimate, but is in fact a closely-monitored trap known as a honeypot. There, every action performed by the attacker can be recorded and analysed without risking important data.
Honeypots are also used by researchers to identify new attacks that are circulating in the hacking community, as well as by anti-spam organisations which use them to identify the location and identities of spam email senders.