Re: A simple questions on redirecting

On Wed, Feb 04, 2004 at 05:07:09PM +0800, wanfat wu wrote:
> HI All,
Hi,

> I am a beginner in using honeypot(honeyd) and I need
> to work it as my final year project. But I have
> encountered a big problems.
> Basically, I can deploy Honeyd but the question is
> how to redirect "malicious" trafic or IP to my
> honeypot?
Have a look at bait'n switch
( http://violating.us/projects/baitnswitch/ ).

Quoted from their website:
"Project Definition: The Bait and Switch Honeypot is a multifaceted
attempt to take honeypots out of the shadows of the network security
model and to make them an active participant in system defense. To do
this, we are creating a system that reacts to hostile intrusion attempts
by redirecting all hostile traffic to a honeypot that is partially
mirroring your production system.  Once switched, the would-be hacker
is unknowingly attacking your honeypot instead of the real data and your
clients and/or users still safely accessing the real system. Life goes
on, your data is safe, and you are learning about the bad guy as an
added benefit. The system is based on snort, linux's iproute2,
netfilter, and custom code for now. We plan on adding additional support
in the future if possible."

greets,

        Fabian

--
BOFH excuse #432:
Borg nanites have infested the server