Implementation of Honeynet and Honeypot in Network Infrastructure in Production Network

Nawshad Ahmed Evan, Md Raihan Uddin

TL;DR

The paper addresses securing production network infrastructure amid escalating cyber threats by deploying honeypots and honeynets as proactive decoys. It proposes a secure, hybrid model with a front-end decoy honeypot and a back-end honeynet, implemented in a GNS3-based lab with open-source tools and VMware-hosted sensors. Through real-time data collection using Pentbox and KFSensor, and DDoS-style tests with Slowloris, it demonstrates how attacker footprints can be captured and traced without impacting production services. Findings indicate the front decoy attracts reconnaissance and scanning, while the inner honeynet yields richer behavioral data, illustrating practical benefits for threat mitigation and forensic analysis in production-like environments.

Abstract

Network infrastructure in a production environment is increasingly targeted by attackers every day. Many resources and services now rely on the internet, making network infrastructure one of the most critical parts to protect, as it hosts numerous company resources and services. Several solutions have already been proposed to prevent attacks, minimize damage, and divert hackers and intruders. Among these, the honeypot stands out as a highly effective tool; it is designed to mimic both a scanner and an attacker, diverting and misleading them within a simulated, production-level environment. This paper will demonstrate the use of a honeynet where a honeypot acts like a real resource to deceive the attacker and analyze their behavior.

Paper Structure

This paper contains 11 sections, 10 figures, 2 tables.

Figures (10)

  • Figure 1: Hybrid network security infrastructure.
  • Figure 2: Comparison of traditional and hybrid secure network designs.
  • Figure 3: GNS3 Topology diagram.
  • Figure 4: GNS3 topology and servers summary.
  • Figure 5: Pentbox configuration data as a Honeypot.
  • ...and 5 more figures