Honeypots mailing list archives

Garrulous firewall


From: Daniel Roth <d00roth () dtek chalmers se>
Date: Tue, 23 Sep 2003 17:14:57 +0200 (MEST)

Hi!

Posted about this project before, but in a kind of vague way, so I'll
describe it more generally now.

The project that has been issued to us students is about a "garrulous"
firewall (Gfw). However, that name is, at least in my opinion, pretty
misleading.

A small sketch of the system looks something like this.


 Internet
   |
   | <-----------
   |             |
 firewall---->  Gfw 
   |
   |
  LAN (with public IPs)


If someone tries to access an unused IP the firewall will immediately
redirect all incoming traffic to the Gfw, which then shall act as a normal
honeypot.

If a computer on the LAN hasn't got an ftp-server running and someone
tries to access this service, the firewall will also redirect this traffic
to the gfw, which then has to check what kind of computer is being
accessed and fake the particular service being asked for.

Furthermore, the gfw shall interact with the firewall for dropping all
future packages from an obvious adversary, in a certain timeframe. (and
of course after having assembled as much information as possible)

One can say that our gfw shall act as many honeypots on a single machine.

All help/comments we can get are appreciated! Implementation/architecture?
Any guesses on how much performance may be needed by the gfw for, let's
say, a class C net?

Hope it was a bit easier to follow this time.

Daniel

--
Daniel Roth
Undergrad. Masters' student
Computer Science
+46 (0) 7 36 36 29 46
d00roth () dtek chalmers se
--
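
The redirect policy described in the message above, as an added sketch that is not part of the original post or the project's code. The address range, host inventory, `block_seconds` value and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample inventory (documentation address range, not from the post).
LAN = ipaddress.ip_network("192.0.2.0/24")
HOSTS = {
    "192.0.2.10": {"os": "linux", "ports": {22, 80}},
    "192.0.2.20": {"os": "windows", "ports": {445}},
}

@dataclass
class Firewall:
    block_seconds: int = 600                      # assumed length of the drop timeframe
    blocked: dict = field(default_factory=dict)   # source IP -> block expiry time

    def decide(self, src, dst, dport, now):
        """Return (action, persona) for one inbound connection attempt."""
        expiry = self.blocked.get(src)
        if expiry is not None:
            if now < expiry:
                return ("DROP", None)             # reported adversary, still blocked
            del self.blocked[src]                 # timeframe is over, forget the block
        if ipaddress.ip_address(dst) not in LAN:
            return ("DROP", None)                 # not a LAN address; outside the sketch
        host = HOSTS.get(dst)
        if host is None:
            # Unused IP: everything goes to the Gfw, which acts as a plain honeypot.
            return ("REDIRECT_GFW", {"os": "generic", "port": dport})
        if dport not in host["ports"]:
            # Real host without this service: the Gfw fakes it in that host's style.
            return ("REDIRECT_GFW", {"os": host["os"], "port": dport})
        return ("FORWARD", None)                  # real host, real service

    def report_adversary(self, src, now):
        """Called by the Gfw after it has collected what it can about src."""
        self.blocked[src] = now + self.block_seconds
```

Because the per-packet decision is one dictionary lookup and one set lookup, the firewall side stays cheap; the load lands on the Gfw, which must hold a persona for every redirected (destination, port) pair.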

