Honeypots mailing list archives
Re: A simple questions on redirecting
From: Fabian Bieker <fabian.bieker () web de>
Date: Sat, 7 Feb 2004 13:26:33 +0100
On Wed, Feb 04, 2004 at 05:07:09PM +0800, wanfat wu wrote:
HI All,
Hi,
I am a beginner in using honeypot(honeyd) and I need to work it as my final year project. But I have encountered a big problems. Basically, I can deploy Honeyd but the question is how to redirect "malicious" trafic or IP to my honeypot?
Have a look at bait'n switch ( http://violating.us/projects/baitnswitch/ ). Quoted from their website: "Project Definition: The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users still safely accessing the real system. Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on snort, linux's iproute2, netfilter, and custom code for now. We plan on adding additional support in the future if possible." greets, Fabian -- BOFH excuse #432: Borg nanites have infested the server
Attachment:
signature.asc
Description: Digital signature
Current thread:
- A simple questions on redirecting wanfat wu (Feb 06)
- Re: A simple questions on redirecting Fabian Bieker (Feb 07)
- <Possible follow-ups>
- Re: A simple questions on redirecting gconnell (Mar 28)