The Shell Game

  • Deploy Q5 among production assets
  • Dilute production assets and dramatically increase the chances that attackers will land in a honeypot
  • Use intrusion intelligence acquired by honeypots to safeguard valuable assets
  • Each Q5 appliance can support up to 20 decoy systems

This application is inspired by the shell game, where large numbers of realistic “shells” (honeynet decoys) are used to dramatically reduce the odds of discovering the “pea” (a true production server). The Shell Game strategy is attractive in situations where production servers (e.g., web servers) are on the public DMZ network, and where these assets are known to the general public.

In this case, honeynet decoys are deployed among production servers. Since each Q5 can support as many as 20 decoys, a small number of appliances can be used to build a large decoy network. As a result, attackers confront a highly diluted array of targets. Because the honeynet decoys are not deployed on the normal load-balancing/routing system, however, benign traffic will be unaffected.