There are two primary types of honey pots:
- Production honey pots are installed within production systems at companies and corporations in order to mitigate the risks that attackers pose. These are primarily low-interaction honey pots, which gather less information but are easier to implement and maintain.
- Research honey pots are run primarily by non-profit private groups of volunteers and by government and educational organizations. These honey pots gather significantly more information on the attacker and are generally used as a means of counterintelligence.
Levels of involvement in the use of honey pots:
- Honeyd (low-interaction): This daemon allows a virtual network of honey pots to run on a single host. Honeyd uses unused IP addresses on the network and runs scripts that appear to an attacker to be services, giving the appearance of a production system. Honeyd is licensed under the GPL.
- mwcollect, nepenthes, honeytrap: mwcollect and nepenthes are both used to collect information on autonomously spreading malware and to log the attacker’s moves. They can then virtually download copies of the malware for analysis. Honeytrap listens on TCP ports for attacks. Like the other two listed, honeytrap can download the attacking malware; honeytrap can then launch an attack on the initiator with the same software.
- Honeynet (high-interaction): A network of real hosts that have stealth keyloggers and system event loggers. These systems may also be distributed, meaning that the honeynet is set up in one location with many redirectors across the internet that link back to it (to avoid blacklisting by attacking software).
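
A minimal sketch of the low-interaction idea described for Honeyd above, added here as an illustration and not taken from Honeyd or the original post: a decoy port sends a fake banner, records what the client sends first, and returns a canned reply with no real service behind it. The port numbers, banners and function names are constructed for the example.

```python
import json
import socket
import threading
import time

# Constructed decoy services: port -> (banner, canned reply). No real daemon runs.
FAKE_SERVICES = {
    2121: (b"220 FTP server ready\r\n", b"530 Login incorrect.\r\n"),
    2525: (b"220 mail.example.test ESMTP\r\n", b"502 Command not implemented\r\n"),
}

def make_record(port, peer, data, now=None):
    """Build one JSON-serialisable log entry for a connection to a decoy port."""
    return {
        "ts": time.time() if now is None else now,
        "decoy_port": port,
        "src_ip": peer[0],
        "src_port": peer[1],
        "first_bytes": data[:256].decode("latin-1"),  # capped, lossless decode
    }

def handle(conn, peer, port, log):
    """Send the fake banner, capture the client's first input, send a canned reply."""
    banner, reply = FAKE_SERVICES[port]
    data = b""
    with conn:
        conn.settimeout(5)  # do not let a silent client hold the handler open
        try:
            conn.sendall(banner)
            data = conn.recv(1024)
            if data:
                conn.sendall(reply)
        except OSError:  # timeout or reset: still log the contact
            pass
    log.append(make_record(port, peer, data))

def serve(port, log, host="127.0.0.1"):
    """Accept on one decoy port; nothing legitimate uses it, so every hit is logged."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            handle(conn, peer, port, log)

if __name__ == "__main__":
    events = []
    for p in FAKE_SERVICES:
        threading.Thread(target=serve, args=(p, events), daemon=True).start()
    while True:
        time.sleep(1)
        while events:
            print(json.dumps(events.pop(0)))
```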
