Re: Honeypot webserver question

[Jess Garcia <jess () jessland net>]

You may want to take a look at Bait N Switch:

http://baitnswitch.sourceforge.net/

The project was discontinued long ago and the code never was very
stable, but the ideas still prevail.

JESS

ChayoteMu wrote:
> I tried to google info on this question but couldn't find anything
> specific to what I'm after so I'm sending this out to the list. Thanks
> in advance for any responses.
> Question:
> Is it possible to run a web server on a honeypot that will serve the
> pages and work as a regular server except with the extras of being a
> honeypot, ie logging and prevention measures? I'm asking because I had
> an idea for a pair of webservers behind an IDS/Firewall. Regular
> traffic goes to the primary web server but suspicious traffic gets
> dumped onto the honeypot server. This lets false positives view the
> site but not have access to any other services (FTP or anything else
> on the real server) and gives a good idea of what they'd try to do to
> the clean server so you could catch 0-days and such. And if you're
> bored you can update the honeyserver semi-regularly to get all the new
> goodies on there for attackers to go after (with some changes
> obviously). I know you can emulate web servers with various methods
> but I'm curious if there's somebody/group doing that now or a tool
> anyone knows of for it.
>