Hi,
I am writing this email to know some of your valuable suggestions as to
how we can use honeypot in a restricted environment.
Suppose if I want to install a honeypot in an environment where it
cannot get a public facing IP but the machine o which honeypot is to be
installed has an access to Internet
1. via another proxy or
2. via a DSL hub
Also, the machine does not have a static IP.
Now in this kind of environment I foresee that the honeypot client will
not be able to receive Internet traffic (including scan or attack or
other malicious binaries propagating..).
It maybe possible that we receive only broadcast traffic being forwarded
through the gateway.
Now, according to us, this is a very limited setup as demanded in a
normal honeypot setup. Does anyone still feel we can use our honeypot
for any other better purpose? Are there any other architectural solution
available to use honeypot concept although not having a static IP and
not visible on the Internet directly?
Any help/discussion on the same is most welcome.
Thanks & Regards,
Mayank
"DISCLAIMER:
This message is proprietary to iPolicy Networks-Security Products division of Tech Mahindra Limited and is intended solely for the use of the individuals to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. iPolicy Networks-Security Products division of Tech Mahindra Limited accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
Received on Nov 24 2008
Intro
