Honeypots mailing list archives
Re: New Paper - Redirection and Production Honeypots
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Wed, 28 Apr 2004 00:30:29 +0200
On Tue 27/04/2004 at 18:56, Bob wrote:
> The paper can be viewed at: http://www.eruditeaegis.net/papers.php
>
> The paper focuses on how redirection technology can be used to create a
> production honeypot solution that has many benefits over the current
> solutions offered. The proposed solution attempts to employ more than just
> the deception methodology to protect critical systems. Feedback is welcome
> and appreciated.
>
> As a side note, I am looking to get this paper published in a technical
> journal so any suggestions for such a forum would also be much appreciated.
> Thanks.
Hi.

I've just had a quick overview of your paper. Very interesting.

Franck Veysset (France Télécom R&D) and I, both from French Honeynet Project[1], are working on honeypot farms, and particularly on redirection techniques for diverting traffic from production networks to a specific, multipurpose and isolated honeynet. We investigated and experimented with a tunneling approach, with GRE links, in order to redirect arbitrary publicly accessible IPs to an arbitrary honeynet (i.e. honeypot farm) within the network or elsewhere on the Internet. We presented this work at Eurosec2004.

If our goal was to allow a better honeypot technology integration within production networks for warning and deception, we had a different approach from yours that is clearly interesting. We worked on full IP redirection or port redirection, using policy routing, for high interaction honeypots.

I find your approach very interesting (different goal than ours) and I already see how we could implement it within our system using Linux gateways using Netfilter, but in a slightly different way for we do not want to alter packets in any way (so, no NAT) before they reach honeypots. I think we could have a very valuable exchange.

BTW, I have to wake up early tomorrow morning and it's quite late in France, so I'll read your paper with great attention and send you comments.

[1] http://www.frenchhoneynet.org/

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!