Honeypots mailing list archives
RE: Honeypot and Policy Routing
From: "Andrew Hintz \(Drew\)" <drew () overt org>
Date: Tue, 8 Apr 2003 20:34:25 -0500
Are you thinking of something similar to this? <http://violating.us/projects/baitnswitch/> "The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users still safely accessing the real system. Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on snort, linux's iproute2, netfilter, and custom code for now. We plan on adding additional support in the future if possible."
-----Original Message----- From: Nigel Clarke [mailto:nigel () 26354 net] Sent: Tuesday, April 08, 2003 2:18 PM To: honeypots () securityfocus com Subject: Honeypot and Policy Routing Has anyone done any work with policy routing and Honeypots? The next generation of routing and security equipment will be more intelligent <we hope> and possibly a hybrid of the existing technologies. In the mean time, administrators are required to divert traffic to Honeypots. Has anyone done any work where you used policy routing to route specific traffic to Honeypots? -- Nigel Clarke Blade Runner #26354 *Filed and Monitored*
Current thread:
- Honeypot and Policy Routing Nigel Clarke (Apr 08)
- RE: Honeypot and Policy Routing Alberto Gonzalez (Apr 08)
- RE: Honeypot and Policy Routing Andrew Hintz (Drew) (Apr 08)
- Re: Honeypot and Policy Routing Edward Balas (Apr 09)
- Re: Honeypot and Policy Routing Franck Veysset (Apr 09)