I recently came across the project Project Nova and found the concept intriguing at a time when the idea of ‘hack-back’ is so prevalent, but necessary legal constraints often render this course of action prohibitive. So, being a fan of the work produced by DataSoft, I wondered if there were ways to move the technology forward. At the heart of the technology there are two key components: the network traffic identifier and the dynamic honeypot creation.
Today I was given an interesting tip to check out the Cisco Traffic Anomaly Detector. Combined with some modern-day honeypot technology, this could really be a nice solution to dealing with incoming threats and enabling later analysis.
And that’s all for now.