RE: Honeypot and Policy Routing

["Andrew Hintz \(Drew\)" <drew () overt org>]

Are you thinking of something similar to this?

<http://violating.us/projects/baitnswitch/>

"The Bait and Switch Honeypot is a multifaceted attempt to take honeypots
out of the shadows of the network security model and to make them an active
participant in system defense. To do this, we are creating a system that
reacts to hostile intrusion attempts by redirecting all hostile traffic to a
honeypot that is partially mirroring your production system.  Once switched,
the would-be hacker is unknowingly attacking your honeypot instead of the
real data and your clients and/or users still safely accessing the real
system. Life goes on, your data is safe, and you are learning about the bad
guy as an added benefit. The system is based on snort, linux's iproute2,
netfilter, and custom code for now. We plan on adding additional support in
the future if possible."

> -----Original Message-----
> From: Nigel Clarke [mailto:nigel () 26354 net]
> Sent: Tuesday, April 08, 2003 2:18 PM
> To: honeypots () securityfocus com
> Subject: Honeypot and Policy Routing
>
>
> Has anyone done any work with policy routing and Honeypots?
>
> The next generation of routing and security equipment will be
> more intelligent <we hope> and possibly a hybrid of the existing
> technologies. In the mean time, administrators are required to divert
> traffic to Honeypots.
>
> Has anyone done any work where you used policy routing to route specific
> traffic to Honeypots?
> --
> Nigel Clarke
> Blade Runner #26354
> *Filed and Monitored*