Honeypots mailing list archives

Project: Multiple service-instances on single h-pot


From: Daniel Roth <d00roth () dtek chalmers se>
Date: Mon, 22 Sep 2003 23:15:05 +0200 (MEST)

Hi!

Just have some quite brief questions on a project that I and 8 of my
friends (all taking a master's degree in computer science) have been
ordered to do. The project in itself is rather complex, but one of the
parts involves setting up a honeypot in this way.

It is supposed to answer traffic directed to a computer on its inside LAN
on ports that aren't open on the particular computer. Furthermore, it
shall start up multiple instances of services to different IPs trying to
connect to different computers inside. So if an attacker A tries to connect
to a ssh-service on computer A (which hasn't got any ssh-service) in our
LAN the honeypot shall answer with starting up a ssh-service to fool this
attacker.
Another ssh-service shall be started if attacker B tries the same to
another computer on the LAN. But attacker C shall get access to the same
ssh-service as attacker A if he tries to connect to computer A. Hard to
describe, hope you all got it.

On top of that, ftp/telnet/webserver etc shall be simulated the same.

Comments about how this could be implemented / architected are more than
welcome. What about the performance of this "honeypot"? Anyone tried this
before and have any tips? How flexible is the honeyd written today, is it
possible to rewrite it to fit our needs? Are there other and better
honeypot-daemons?

Thanks in advance!

Daniel Roth

--
Daniel Roth
+46 (0) 7 36 36 29 46
d00roth () dtek chalmers se
--
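
The dispatch rule described in the message above, sketched as an added example that is not part of the original post or of honeyd: decoy instances are keyed by the targeted host and port, so attackers A and C share one instance while attacker B gets another. The addresses, the `REAL_OPEN_PORTS` inventory, the instance cap and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumptions): real open ports per LAN host, services to emulate.
REAL_OPEN_PORTS = {
    "10.0.0.10": {80},        # "computer A": real web server, no ssh
    "10.0.0.11": {22, 80},    # runs a real sshd, so port 22 is not decoyed
    "10.0.0.12": set(),       # second host without ssh
}
EMULATED = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http"}


@dataclass
class Decoy:
    """One emulated service instance standing in for (dst_ip, port)."""
    dst_ip: str
    port: int
    service: str
    seen_sources: set = field(default_factory=set)


class DecoyDispatcher:
    def __init__(self, max_instances=1000):
        self.instances = {}            # (dst_ip, port) -> Decoy
        self.max_instances = max_instances

    def route(self, src_ip, dst_ip, port):
        """Return the Decoy that should answer, or None to leave traffic alone."""
        if dst_ip not in REAL_OPEN_PORTS:
            return None                # not one of the protected hosts
        if port in REAL_OPEN_PORTS[dst_ip] or port not in EMULATED:
            return None                # real service answers, or nothing to emulate
        key = (dst_ip, port)           # keyed by target, never by attacker
        decoy = self.instances.get(key)
        if decoy is None:
            if len(self.instances) >= self.max_instances:
                return None            # cap so a port sweep cannot exhaust the honeypot
            decoy = self.instances[key] = Decoy(dst_ip, port, EMULATED[port])
        decoy.seen_sources.add(src_ip)
        return decoy


def demo():
    d = DecoyDispatcher()
    a = d.route("198.51.100.1", "10.0.0.10", 22)   # attacker A -> computer A
    b = d.route("198.51.100.2", "10.0.0.12", 22)   # attacker B -> other host
    c = d.route("198.51.100.3", "10.0.0.10", 22)   # attacker C -> computer A
    real = d.route("198.51.100.1", "10.0.0.11", 22)  # real sshd: no decoy
    return a, b, c, real
```

Each `Decoy` also records which sources touched it, which gives one log per impersonated host rather than one per attacker.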


