Intrusion is the primary step to conduct various kinds of network attacks. Most of the intrusion detection and intrusion prevention systems (IDPS) that make use of signature can detect only known attacks, but cannot save resources from new form of attacks like internet worms. Thus, it is necessary to collect information about unknown intrusion dynamically. Honeypots are useful security mechanism that deliberately lure intruders to probe, attack or compromise the systems. This paper presents an agent based honeymesh for protecting the network resources like servers from intrusion related attacks. In our strategy, agent programs make use of decoyports to lure intruders and redirects to honeymesh to understand attackers’ activities. Also, the agents remove malicious processes and executable files on compromised server as soon as honeypots alerts those intrusions. This novel defense mechanism detects and removes new kinds of internet worms without using signatures. © 2016, Springer Science+Business Media New York.