Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

RE: results of the first honeyd challenge (dynamic honeynet?)

From: Jose Nazario <jose () monkey org>
Date: Mon, 31 Mar 2003 08:27:17 -0500 (EST)
On Mon, 31 Mar 2003, Compton, Rich wrote:


Reading all of the great entries from the honeyd challenge gave me an
idea for a dynamic honeynet.  The problem that I have implementing a
honeypot is that it takes up IPs.  I have to reconfigure the honeypot as
soon as I need one of those IPs that's assigned on the honeypot.
Wouldn't it be nice to have a honeynet that looks for IPs in a subnet
that are not used (maybe by trying to ping them) and then creates a
honeynet for just those IPs. The honeypot could then see when one of
those IPs are being used and remove it from its configuration.


arpd already does this with honeyd. it watches for unanswered arp requests
and then assumes they're unoccupied. it then sends a reply and allows you
to occupy them.

it is a good idea, so good in fact that this is already done.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/
Previous By Date Next
Previous By Thread Next

Current thread: