What type of services do low-interaction honeypots emulate?

Low-interaction honeypots are designed to emulate a limited number of services and applications. This characteristic allows them to be lightweight and easier to manage compared to high-interaction honeypots, which simulate an entire operating system and a wide range of services and applications. Low-interaction honeypots typically imitate only the most common ports and services that are attractive to attackers, such as HTTP or FTP, without providing full system capabilities. This limited interaction is intended to gather intelligence about attack patterns while minimizing the risk of compromising an actual system.

By focusing on a few key services, low-interaction honeypots can effectively attract malicious activity, allowing security professionals to analyze and learn from unauthorized attempts to access those specific services. This setup is beneficial in environments where resource allocation and security risks need tight control.