[Tool] Bait and Switch Honeypot

This is a pretty nifty tool I've followed for some time.

For those unfamiliar with what a honeypot is, here is a brief definition. A honeypot is a system that is designed to mimic a real production environment. There are different types of honeypots, but they all share the same goal: effective observation and research of hackers and their behavior. By setting up a honeypot, researchers (or security personnel) can create an environment to distract, or in some cases draw in, hostile hackers. They can then observe the attacker's activities and learn about his techniques. Most likely the hacker will eventually discover that the honeypot is not real (although there are a ton of honeypots with different functionality), but until then he has been effectively deterred.

Until recently, honeypots have really only served those purposes; they have not been an active participant in system defense. Making them one is what ‘Bait and Switch’ does. This honeypot is configured to mimic a production server that is likely to be targeted by hackers. When an attack is detected, the attacker's traffic is routed to the ‘Bait and Switch’ honeypot instead of the production server. The attack is thereby mitigated, while the hacker is led to believe that he has been successful.

Here is the definition of ‘Bait and Switch’ as found on its website:

The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on Snort, Linux's iproute2, netfilter, and custom code for now…
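
The detect-then-switch flow described above, sketched as an added example (not code from the Bait and Switch project): it reads Snort "fast" alert lines and builds the netfilter and iproute2 commands a gateway could use to send a hostile source to the honeypot. The addresses, mark and table numbers, exempt range and sample alerts are constructed assumptions.

```python
import ipaddress
import re

# Snort "fast" alert: ts [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\].*?\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

PRODUCTION = "192.0.2.10"       # assumed production server address
HONEYPOT_GW = "198.51.100.20"   # assumed next hop that leads to the honeypot
FWMARK, TABLE = 1, 100          # assumed packet mark and routing table number
NEVER_SWITCH = [ipaddress.ip_network("10.0.0.0/8")]  # assumed admin range

# Constructed sample alerts, not captured from a real sensor.
SAMPLE_ALERTS = [
    "08/28-12:00:01.000001 [**] [1:1000001:1] web attack [**] [Priority: 1] {TCP} 203.0.113.5:40000 -> 192.0.2.10:80",
    "08/28-12:00:02.000001 [**] [1:1000002:1] ping sweep [**] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10",
    "08/28-12:00:03.000001 [**] [1:1000003:1] ssh brute [**] [Priority: 1] {TCP} 10.1.2.3:5555 -> 192.0.2.10:22",
    "08/28-12:00:04.000001 [**] [1:1000001:1] web attack [**] [Priority: 1] {TCP} 203.0.113.5:40001 -> 192.0.2.10:80",
    "08/28-12:00:05.000001 [**] [1:1000004:1] sql probe [**] [Priority: 2] {TCP} 203.0.113.8:1234 -> 192.0.2.10:80",
    "08/28-12:00:06.000001 [**] [1:1000004:1] sql probe [**] [Priority: 2] {TCP} 203.0.113.77:1234 -> 192.0.2.99:80",
]

def hostile_sources(alert_lines, max_priority=2):
    """Return, in first-seen order, the source IPs that should be switched."""
    seen = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        # Skip unparsable lines, low-severity alerts and other destinations.
        if not m or int(m["prio"]) > max_priority or m["dst"] != PRODUCTION:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the alert line
        # Never switch exempt ranges: a false positive would lock out admins.
        if any(src in net for net in NEVER_SWITCH) or str(src) in seen:
            continue
        seen.append(str(src))
    return seen

def switch_commands(sources):
    """Build (but do not run) the policy-routing commands for the gateway."""
    cmds = [f"ip route replace default via {HONEYPOT_GW} table {TABLE}",
            f"ip rule add fwmark {FWMARK} table {TABLE}"]
    cmds += [f"iptables -t mangle -A PREROUTING -s {s} -d {PRODUCTION} "
             f"-j MARK --set-mark {FWMARK}" for s in sources]
    return cmds

if __name__ == "__main__":
    print("\n".join(switch_commands(hostile_sources(SAMPLE_ALERTS))))
```

Only marked sources follow the alternate routing table, so other clients keep reaching the production server, which is the property the project description emphasises.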

For more information on Bait and Switch, check out their SourceForge here!

For more information about honeypots, check out the Honeynet Project.

