Abstract: Honeypot is a new kind of the defense technology, which can defend the Internet attack actively and collect the important evidence of the attackers. The techniques of realizing collecting evidence by honeypot include Internet deception, port reaction, data seizure, data analysis and data control etc, which help to improve the detection level and reactivity of dynamic protection system. Running honeypot may result in some technical risks, therefore, it is necessary to control the risks by choosing low-risk honcypot, intensifying data seizure and alarm function and increasing the link control and route control therefore etc. As to the legal problems, including entrapment, privacy right and liability, we can solve them by undue-temptation prohibition, privacy right hint and cautious supervision.

Key words: Honeypot, Risk, Deception, Collecting evidence, Liability