The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense.
To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users still safely accessing the real system.
Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on snort, linux's iproute2, netfilter, and custom code for now.
We have plans on adding additional support in the future if possible.
What's New in This Release:
· So it's beta release day. The final package is up, but largely unannounced. I've cleaned up the few bugs I knew about, added the blacklisting feature, tested and added features to electr0n's config script, and updated the documentation to the point where I think it's very useable and easy to understand.
· I have also added a baitnswitch-users mailing list through sourceforge.