Distributed denial of service (DDoS) honeypots

US9350758B1 · US · B1

Patent metadata

Publication number: US-9350758-B1
Application number: US-201314040305-A
Country: US
Kind code: B1
Filing date: Sep 27, 2013
Priority date: Sep 27, 2013
Publication date: May 24, 2016
Grant date: May 24, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An improved system and method of measuring and evaluating a distributed denial of services (DDOS) attack includes arranging for a DDoS attack by engaging a network provider offering malicious services to attack a honeypot computerized device. The honeypot includes a packet sniffer used to measure the values of parameters of the DDoS attack useful in determining the method of attack, the origin and extent of the attack, in calculating methods for early determination that a DDoS attack is occurring, and methods of countering this type of DDoS attack before it occurs.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of protecting a server hosting a website from distributed denial of service (DDoS) attacks, the method comprising: connecting a computerized device that includes a packet sniffer to an external network, the packet sniffer enabled to record all communications from the external network to the computerized device; recording, with the packet sniffer, a DDoS attack resulting from engaging a provider offering malicious services to attack the computerized device using the DDoS attack; obtaining, by the computerized device, values of parameters of the DDoS attack that are indicative of origin and methodology of the attack; and providing, by the computerized device, defensive actions to the server hosting the website for preventing future DDoS attacks based on the values of the parameters obtained; wherein engaging the provider includes, prior to recording the DDoS attack: searching the external network by a computer for advertisements by a plurality of websites offering to commit DDoS attacks, each individual website using at least one of a plurality of different methods of attack; selecting at least one of the plurality of sites based upon at least one of a method of attack, the IP address of the provider, and prior experience with the provider; and running a software program on the computer to electronically communicate with the provider via the external network, offering to pay for a DDoS attack on the computerized device; and the computer includes an IP address that is different from an IP address of the computerized device to be attacked; and wherein searching the external network by the computer for advertisements by websites offering to commit DDoS attacks further includes the computer using a different IP address from IP addresses of the server hosting the website and the computerized device.

2. The method of claim 1, wherein selecting the at least one of the plurality of websites includes: scanning a memory location of the computerized device for presence of the selected site and the at least one of the plurality of methods; evaluating whether to engage the provider offering malicious services based at least in part on the presence of the selected site, the method and a date in the memory location; and storing the selected site, the method, and a current date in the memory location.

3. The method of claim 1, wherein the obtaining values of parameters includes obtaining an IP address of at least one site on the external network from which the attack originates, the time of the attack, an IP protocol used in the attack, a HTTP header, and the type of attack.

4. The method of claim 3, wherein obtaining values of parameters including the IP address of at least one site from which the attack originates includes measuring a number of attack locations, and whether each attack location is at least one of a group of servers, and a botnet.

5. The method of claim 3, wherein the obtaining values of parameters including the type of attack includes determining at least one of a consumption of calculation bandwidth resources attack, consumption of data storage resources attack, consumption of processor resources attack, disruption of configuration information attack, disruption of state information attack, disruption of physical components of the computerized device attack, an Email bomb attack, consumption of communication media resources attack, a peer to peer attack, a botnet attack, a retransmission time-out attack, a SYN flood of TCP/SYN packets with forged sender IP addresses, a tear drop attack with improper IP address fragments with oversized payloads, spoofing by forging a sender IP address, an ICMP flood attack, a ping flood attack, a Smurf attack, and a file sharing hub Puppet Master attack.

6. The method of claim 1, wherein the providing defensive actions to the server hosting the website includes providing at least some of the values of parameters of the DDoS attack that are indicative of origin and methodology of the attack, including at least one of an IP address of an attacking site, a method of the attack, a time of the attack, and an originator of the attack.

7. The method of claim 6, wherein the providing defensive actions to the website includes using the values of parameters of the DDoS attack for identifying whether an attack is occurring, and implementing at least one of blocking incoming communications from the attack website IP addresses, blacklisting the IP address of an originator of the attack, initiating a take-down of an originator IP address, and communicating with law enforcement.

8. A system constructed and arranged to protect a server hosting a website from DDoS attacks, the system comprising: a computerized device communicatively connected to a network; a packet sniffer connected to the computerized device to detect communications from the network to the computerized device; a logic circuit connected to the computerized device to measure values of parameters of the communications from the network to the computerized device; a memory device connected to the computerized device to store the values of the parameters detected by the logic circuit; the logic circuit constructed and arranged to analyze the values of the parameters to determine if a communication from the network is a present DDoS attack, and determine at least one of an origin of the attack, a method of attack, whether a previous attack included parameter values within a selected range of the present attack, a method of defending against the present attack, and a method to shut down the attacker; and communication circuitry included in the computerized device to transmit from the logic circuit at least the method of defending against the present attack to the server hosting the website; wherein the logic circuit is further constructed and arranged to record a DDoS attack resulting from engaging a provider offering malicious services to attack the computerized device using a DDoS attack; wherein the logic circuit constructed and arranged to engage the provider is further constructed and arranged to, prior to recording the DDoS attack: search the network by a computer for advertisements by a plurality of providers offering to commit DDoS attacks, each individual provider using at least one of a plurality of different methods of attack; select at least one of the providers based upon at least one of a method of attack, the IP address of a provider, and prior experience with the provider; and run a software program on the computer to electronically communicate with the at least one of the selected providers via the external network, offering to pay for a DDoS attack on the computerized device; and the computer includes an IP address that is different from an IP address of the computerized device to be attacked; and wherein the logic circuit constructed and arranged to search the external network by the computer for advertisements by websites offering to commit DDoS attacks is further constructed and arranged to have the computer use a different IP address from IP addresses of the server hosting the website and the computerized device.

9. The system of claim 8, wherein the computerized device has a different network address than the server or the website, and wherein the computerized device communicates to the server via the network and has no direct connection to the server or the website.

10. The system of claim 8, wherein; an external agent communicates with the network to engage a provider offering malicious services to attack the computerized device with a DDoS attack, wherein the external agent has a different network address than the server, the website or the compu
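As an added illustration that is not code from the patent or from its assignee, the following Python sketch shows what the defensive half of the claims can look like in practice: the "obtaining values of parameters" step of claims 3 to 5 (time of the attack, IP protocol, originating addresses, type of attack) and the "blocking incoming communications" defensive action of claim 7, computed over records a packet sniffer on the honeypot might log. The record format, the constructed sample packets, the one-second window and the flood threshold are all assumptions made for this example.

```python
"""Extract DDoS attack parameters from sniffer records and derive a block list.

Added example, not part of the patent. Each record is an assumed sniffer log
entry: integer-millisecond timestamp, source IP, IP protocol, TCP flag letters
and packet length.
"""
from collections import Counter, defaultdict

# Constructed sample capture (not real data): 150 half-open SYNs at 10 ms
# spacing cycling through 40 source addresses, one legitimate handshake
# (SYN followed by ACK from the same source) and one ICMP echo request.
SAMPLE_PACKETS = [
    {"ts_ms": 1_000_000 + i * 10, "src": f"203.0.113.{i % 40}",
     "proto": "TCP", "flags": "S", "len": 60}
    for i in range(150)
] + [
    {"ts_ms": 1_000_500, "src": "198.51.100.7", "proto": "TCP", "flags": "S", "len": 60},
    {"ts_ms": 1_000_600, "src": "198.51.100.7", "proto": "TCP", "flags": "A", "len": 52},
    {"ts_ms": 1_001_000, "src": "198.51.100.9", "proto": "ICMP", "flags": "", "len": 84},
]


def _is_half_open_syn(p):
    """A TCP SYN with no ACK bit: the building block of a SYN flood."""
    return p["proto"] == "TCP" and "S" in p["flags"] and "A" not in p["flags"]


def attack_parameters(packets, window_ms=1000, flood_threshold=50):
    """Return values of parameters indicative of origin and methodology.

    Packets are bucketed into fixed windows; the busiest window by suspicious
    packets (half-open SYNs plus ICMP) is reported with its start time,
    protocol mix, distinct sources and a coarse attack-type label.
    """
    if not packets:
        return {"attack_detected": False}
    windows = defaultdict(lambda: {"syn": 0, "icmp": 0, "srcs": set(), "protos": Counter()})
    for p in packets:
        b = windows[p["ts_ms"] // window_ms * window_ms]
        b["protos"][p["proto"]] += 1
        if _is_half_open_syn(p):
            b["syn"] += 1
            b["srcs"].add(p["src"])
        elif p["proto"] == "ICMP":
            b["icmp"] += 1
            b["srcs"].add(p["src"])
    # Busiest window wins; ties go to the earlier window.
    start, b = max(windows.items(), key=lambda kv: (kv[1]["syn"] + kv[1]["icmp"], -kv[0]))
    if b["syn"] >= flood_threshold and b["syn"] >= b["icmp"]:
        kind = "SYN flood"
    elif b["icmp"] >= flood_threshold:
        kind = "ICMP flood"
    else:
        return {"attack_detected": False, "window_start_ms": start}
    return {
        "attack_detected": True,
        "attack_type": kind,
        "window_start_ms": start,
        "half_open_syn": b["syn"],
        "icmp": b["icmp"],
        "protocols": dict(b["protos"]),
        "distinct_sources": len(b["srcs"]),
        "sources": sorted(b["srcs"]),
    }


def block_list(packets, params):
    """Defensive action: source addresses to block at the protected server.

    A source seen in the attack window is excluded if it ever sent a TCP
    packet carrying ACK anywhere in the capture, so a client that completed a
    real handshake (198.51.100.7 in the sample) is not cut off alongside the
    flood sources, which never progress past the SYN.
    """
    if not params.get("attack_detected"):
        return []
    handshaking = {p["src"] for p in packets if p["proto"] == "TCP" and "A" in p["flags"]}
    return [s for s in params["sources"] if s not in handshaking]


if __name__ == "__main__":
    params = attack_parameters(SAMPLE_PACKETS)
    print(params["attack_type"], params["half_open_syn"], params["distinct_sources"])
    print(block_list(SAMPLE_PACKETS, params))
```

On the sample the busiest window holds 101 half-open SYNs from 41 distinct sources and is labelled a SYN flood; the block list contains the 40 flood addresses and omits the client that completed its handshake. In a real deployment the window length and threshold would be tuned against the honeypot's normal background traffic, and spoofed source addresses mean the block list describes the apparent origin rather than the true one.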

Assignees

Emc Corp

Inventors

Classifications

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • considering the load · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9350758B1 cover?
An improved system and method of measuring and evaluating a distributed denial of services (DDOS) attack includes arranging for a DDoS attack by engaging a network provider offering malicious services to attack a honeypot computerized device. The honeypot includes a packet sniffer used to measure the values of parameters of the DDoS attack useful in determining the method of attack, the origin …
Who is the assignee on this patent?
Emc Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 24, 2016 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).