Honeypots mailing list archives

RE: Honeypot and Policy Routing

From: "Alberto Gonzalez" <albertg () cerebro wwjh net>
Date: Tue, 8 Apr 2003 19:44:09 -0700

Bait N Switch doesn't do "policy" routing. What we do is mark offending
packets with a 1
and have our custom routing tables route them through a specified
interface if they're marked. 
Can you call this 'policy routing?'. So we are routing 'specific'
traffic to our honeypots, instead
of just forwarding all major ports. Hope that helps!

 Cheers,
 Alberto Gonzalez

[1] - http://baitnswitch.sf.net
[2] - http://www.violating.us/projects/baitnswitch/ 

---
"Success comes to the person who does today, what you are thinking of
doing tomorrow." 
 
-----Original Message-----
From: Nigel Clarke [mailto:nigel () 26354 net] 
Sent: Tuesday, April 08, 2003 12:18 PM
To: honeypots () securityfocus com
Subject: Honeypot and Policy Routing


Has anyone done any work with policy routing and Honeypots?

The next generation of routing and security equipment will be 
more intelligent <we hope> and possibly a hybrid of the existing
technologies. In the mean time, administrators are required to divert
traffic to Honeypots. 

Has anyone done any work where you used policy routing to route specific
traffic to Honeypots?   
-- 
Nigel Clarke
Blade Runner #26354
*Filed and Monitored*

Current thread:

Honeypot and Policy Routing Nigel Clarke (Apr 08)
- RE: Honeypot and Policy Routing Alberto Gonzalez (Apr 08)
- RE: Honeypot and Policy Routing Andrew Hintz (Drew) (Apr 08)
- Re: Honeypot and Policy Routing Edward Balas (Apr 09)
- Re: Honeypot and Policy Routing Franck Veysset (Apr 09)