What is it?
A honeypot is a trap intentionally set to attract malicious software or users. A simple example is a form field on a web page that is labelled “User Name” but is rendered invisible on the screen. A program scanning the page will fill this field in, but a human will not.
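A server-side check for the hidden-field honeypot described above, as an added example that is not code from the original page. The field name `user_name`, the two-trigger blocking policy, and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Assumed name of the decoy input. In the page's HTML it is hidden with CSS,
# so a person never sees it and the browser submits it as an empty string.
HONEYPOT_FIELD = "user_name"
TRIGGER_LIMIT = 2  # assumed policy: block a source after this many triggers


class HoneypotFilter:
    def __init__(self):
        self.triggers = {}    # source IP -> number of honeypot hits
        self.blocked = set()  # sources that reached TRIGGER_LIMIT

    def check(self, source_ip, body):
        """Return 'accept', 'reject' or 'blocked' for one form POST body."""
        if source_ip in self.blocked:
            return "blocked"
        # keep_blank_values keeps the empty decoy field a real browser sends.
        fields = parse_qs(body, keep_blank_values=True)
        values = fields.get(HONEYPOT_FIELD)
        # Trigger if the decoy was filled in, or if it is missing entirely
        # (the request was not produced by the rendered form).
        if values is None or any(v.strip() for v in values):
            count = self.triggers.get(source_ip, 0) + 1
            self.triggers[source_ip] = count
            if count >= TRIGGER_LIMIT:
                self.blocked.add(source_ip)
            return "reject"
        return "accept"


# Constructed sample submissions (documentation IP ranges, not real traffic).
SAMPLE_POSTS = [
    ("198.51.100.7", "user_name=&email=ann%40example.org&comment=Hello"),
    ("203.0.113.9", "user_name=admin&email=x%40example.org&comment=buy+now"),
    ("203.0.113.9", "user_name=root&email=y%40example.org&comment=buy+now"),
    ("203.0.113.9", "user_name=&email=z%40example.org&comment=hi"),
]


def run_samples():
    """Feed the constructed submissions through one filter, in order."""
    hp = HoneypotFilter()
    return [hp.check(ip, body) for ip, body in SAMPLE_POSTS]


if __name__ == "__main__":
    print(run_samples())
```

The last sample shows that once a source is blocked, even a submission that leaves the decoy empty is refused.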
A scanner is computer software that searches for vulnerabilities in a network. Scanners can be used ethically (to help you identify weaknesses in your network) or unethically (to find and exploit weaknesses in your network).
Many kinds of scanning software are available, designed for different niches: different server operating systems, intranet versus Internet scanning, authenticated versus non-authenticated scanning, and many others.
Why is it a risk?
Because scanner software simply does the same things that humans might do (but much faster), it’s not easy to detect when your network has been scanned. More likely, your server will be identified if it is performing scans of other networks and triggers a honeypot.
If your IP address is identified as participating in scanning activity, then there are two possibilities:
1) You are a software security organization intentionally looking for vulnerabilities in your customers’ networks; this is a form of “Ethical Hacking.” This could backfire, however: your IP address may be blocked if you are caught running a scanner.
2) Your server is infected with a virus that is using it to scan other systems for vulnerabilities.
How can you mitigate the risk?
Keep your firewall rules as “tight” as possible. Only allow access from known and trusted IP addresses.
Perform vulnerability scans on your own networks. It’s good to know your own weaknesses.
Keep up-to-date virus scanning software and run virus scans regularly.
The Beyond Trust link below describes a number of broad categories of network scanners and issues to consider when using them to test your own network for vulnerabilities.
The W3Schools link below provides more details, including specific products and descriptions of some unethical scanning practices.
Resources:
Beyond Trust Vulnerability Scanning
https://www.beyondtrust.com/resources/glossary/vulnerability-scanning
W3Schools Scanning Techniques
https://www.w3schools.in/ethical-hacking/scanning-techniques/