Re: Honeypots and cluster computing

[Valdis.Kletnieks () vt edu]

On Tue, 02 Mar 2004 09:50:37 CST, DeVaris P Brown <dpbrown () uiuc edu>  said:
> Hi all. My name is DeVaris and I'm a student at the University of Illinois.
> I've been doing some basic honeypot research and someone asked me yesterday if
> honeypots could be applied to cluster computing without significantly slowing
> down processing speed? Has anyone done any investigation into this topic? If so
> I would love to collaborate on an upcoming project. Thank you in advance

Well... you could probably do it without slowing things down, because usually a
cluster has a high-speed internal network for its nodes, and then only 2 or 3
"front-end" nodes are attached to the outside world.  So (for instance) you can
park a port-80 http honeypot on all 500+ internal nodes, and never actually see
any packets.

A more important question is "Why do you suspect that a honeypot on a cluster
would *possibly* tell you anything interesting?"  I probably *could* install a
honeypot on the light pole on the sidewalk outside my office - but what would
that prove other than I've got waaay too much time on my hands?  On the other
hand, if I first theorize that this campus has a high incidence of wardrivers,
then a wireless beacon on that lamp post to capture them starts making more
sense....

Attachment: _bin
Description: