Honeypots mailing list archives
Garrolous firewall
From: Daniel Roth <d00roth () dtek chalmers se>
Date: Tue, 23 Sep 2003 17:14:57 +0200 (MEST)
Hi! Posted about this project before, but in a kind of vague way, so I'll describe it more generally now.

The project that has been issued to us students is about a "garrulous" firewall (Gfw). However, that name is, at least in my opinion, pretty misleading. A small sketch of the system looks something like this.

    Internet
       |
       |  <-----------
       |             |
    firewall----> Gfw
       |
       |
    LAN (with public IPs)

If someone tries to access an unused IP the firewall will immediately redirect all incoming traffic to the Gfw, which then shall act as a normal honeypot. If a computer on the LAN hasn't got an ftp-server running and someone tries to access this service, the firewall will also redirect this traffic to the gfw, which then has to check what kind of computer is being accessed and fake the particular service being asked for.

Furthermore, the gfw shall interact with the firewall for dropping all future packages from an obvious adversary, in a certain timeframe (and of course after having assembled as much information as possible).

One can say that our gfw shall act as many honeypots on a single machine.

All help/comments we can get are appreciated! Implementation/architecture? Any guesses on how much performance may be needed by the gfw for, let's say, a class C net?

Hope it was a bit easier to follow this time.

Daniel

--
Daniel Roth
Undergrad. Masters' student
Computer Science
+46 (0) 7 36 36 29 46
d00roth () dtek chalmers se
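The firewall-side decision described in the post above, as an added example that is not part of the original message or the project's code: unused addresses and closed ports are redirected to the Gfw (with the OS it should imitate), and sources the Gfw has reported are dropped for a fixed window. The class and method names, the constructed 192.0.2.0/24 inventory and the 600-second block window are assumptions made for illustration.

```python
import ipaddress
import time

# Constructed sample inventory of real LAN hosts (documentation address range).
SAMPLE_INVENTORY = {
    "192.0.2.10": {"os": "Linux", "ports": {22, 80}},
    "192.0.2.20": {"os": "Windows 2000", "ports": {21, 445}},
}


class GfwPolicy:
    """Hypothetical per-connection policy for the firewall in front of the Gfw."""

    def __init__(self, lan_cidr, inventory, block_seconds=600, clock=time.monotonic):
        self.lan = ipaddress.ip_network(lan_cidr)
        # inventory maps IP string -> {"os": str, "ports": set of open TCP ports}
        self.inventory = {ipaddress.ip_address(ip): h for ip, h in inventory.items()}
        self.block_seconds = block_seconds
        self.clock = clock          # injectable so the time window can be tested
        self.blocked = {}           # source address -> expiry timestamp

    def block(self, src):
        """Called by the Gfw once it has collected what it wants from src."""
        self.blocked[ipaddress.ip_address(src)] = self.clock() + self.block_seconds

    def decide(self, src, dst, dport):
        """Return (action, persona); persona is the OS the Gfw should imitate."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        expiry = self.blocked.get(src)
        if expiry is not None:
            if self.clock() < expiry:
                return ("drop", None)
            del self.blocked[src]          # block window is over, forget the entry
        if dst not in self.lan:
            return ("forward", None)       # not part of the protected range
        host = self.inventory.get(dst)
        if host is None:
            return ("redirect", None)      # unused IP: Gfw acts as a plain honeypot
        if dport in host["ports"]:
            return ("forward", None)       # real service exists, leave it alone
        return ("redirect", host["os"])    # closed port: Gfw fakes it as this host


if __name__ == "__main__":
    policy = GfwPolicy("192.0.2.0/24", SAMPLE_INVENTORY)
    for dst, port in [("192.0.2.200", 22), ("192.0.2.10", 80), ("192.0.2.10", 21)]:
        print(dst, port, policy.decide("198.51.100.7", dst, port))
```

Expiring entries on lookup keeps the drop list from growing without bound, which matters for the sizing question the post raises about a class C net.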