Honeypots mailing list archives
Network architecture for honeypots?
From: "Williams Jon" <WilliamsJonathan () JohnDeere com>
Date: Tue, 6 Jul 2004 09:49:31 -0500
I'm in the process of building a honeypot for one of my clients using honeyd. The goals are simple: provide an endpoint for misconfigured software, worms, etc. to connect with so the IDS will see more than TCP SYNs and RSTs.

The client's network is pretty simple: a handful of sites with internal traffic statically routed and everything else following a default to nowhere. An analysis of the network traffic following the default route showed that there was no functional activity that required the default route.

I'd proposed changing the default route to point at the honeypot, but before they made the change, they checked with their network vendor to see what issues might come up. Their network rep said that he was unaware of anyone doing this, which kind of surprised me.

Am I totally off-base here? Is anyone else out there doing something similar? If not, what should I be doing to get the junk traffic to the honeypot?

Thanks.

Jon