February 14th, 2004, 02:16 PM
Honeynet with Linksys Switch
A friend and I are about to set up a Honeynet to do a little original research on time-to-compromise various operating systems (compromise taking the forms of worms, viruses, script kidz, depending on the specific setup). We've done some research from the Honeynet project and their book, Know Your Enemy , but I do have a question you may be able to help with..
My setup currently involves a Linksys BEFSR41 switch. It uses NAT to run multiple PCs on a single DSL/Cable line - will this hinder my ability to place multiple honeypot computers on my local network?
I've got the option of setting a single IP address to the DMZ and expose it to the world, but then that would limit our work to a single computer/OS at time, and prevent us from gathering data relating to compromises across a single small network...
Has anyone any experience with something like this? If the switch is a no-go, is there another type of equipment I could use behind my broadband connection to expose multiple PCs at once?