... is not sendmail and just changing the banner from “smap” to “sendmail” will not fool the wise attacker. The higher the fidelity of the honeypot, the greater the risk.Where do you put a honeypot? ... traffic. In the slide above, the packet is addressed to TCP port 143, the IMAP service. If the site does not allow IMAP through the firewall, then there will never be a SYN/ACK response, the TCP ... Deception enables the organization to discover the method and motives of the attacker. Since the attacker believes that they are attacking a production system, they will open up their bag of tricks...