HoneyLatency

["Andy Cuff \[talisker\]" <offthecuff () lineone net>]

Hi
</trivia>
Having just enjoyed an enthusiastic presentation at CanSecWest from Lance
Spitzner (The HoneyAmbassador) I have been updating the honepot page to
reflect the new technology(
http://www.networkintrusion.co.uk/honeypots.htm ).  If anyone hasn't seen
Lance present honeypots I'd highly recommend it, he hasn't quite got to the
stage where geeks are throwing their underwear on stage but it was heading
that way, it was even sufficient for me to buy his new book.
<\trivia>

I still have some doubts about remotely managed HoneyServices  where
neighboring IP addresses will have vastly differing latency, to a lesser
extent the same would apply to bait-n-switch technology.  Moreover, unless
the remote honeynet modifies traffic all the honeynet traffic will have very
similar latency.

I understand that HoneyTechnology whilst evolving very quickly has some way
to go but feel that HoneyDevelopers could take measures to overcome the
bait-n-switch issue fairly trivially. (if they haven't already)

HoneyD has already addressed this issue by varying latency, but how can this
be achieved for a managed HoneyService without slowing the genuine traffic,
which would have significant performance connotations

thoughts?

Apologies to all at core03 who I forced to drink Talisker, it was a pretty
rough bottle, even by my low standards.
take care
-andy cuff
Taliskers Network Security Tools
http://www.networkintrusion.co.uk