Hi all, I'm currently working on attack redirection between honeyd and a high-level interaction honeypot. The idea is to find interesting incoming connection to redirect them to the high-level interaction honeypot, and I have a few questions to ask to the list about that. So, the idea is : A TCP connection is handled by a daemon (honeyd, but it doesn't matter), and I want to set up a kind of proxy in front of this daemon to record and redirect connections transparently. Because this is an honeypot, I want to avoid the possibility for an attacker to detect something, this means : * The processing time has to be very short ; and * Several headers, such as sequence numbers, timestamp and so on, has to be rewrite. This kind of architecture is defined more deeply in : (p. 5/6, chap. 3) http://www.eecs.umich.edu/techreports/cse/2004/CSE-TR-499-04.pdf I guess that netfilter, and most probably libipq, can do that work. This is not properly the aim this list but I guess you can help me or perhaps just give me some directions. Regards, julien
