Trouble is that when the vandal wants to insert a picture of Minnie Mouse cuddling up to Kermit onto the home page of the National Bank of Grand Fenwick's website, he knows what IP address he has to attack - the one that the bank's customers and potential customers get when they ask the DNS network for http://WWW.NBGF.FENWICK.EU; so a honeypot on a different address isn't going to draw her (or him) off because it's obviously wrong. That of course doesn't mean that honeypots won't draw people off - but the people drawn off will not be script kiddies, because the script kiddies want to vandalise something whose address is well known, not something that doesn't have a well-known address.