Concealed Honeypots: Developing a Tunneling System

Abstract

This work identifies and evaluates approaches to building a tunneling application that forwards network traffic between multiple cloud VMs and a single honeypot device, so that the honeypot itself stays concealed behind the VMs. We first derived the requirements for such a solution and then examined the advantages and disadvantages of the technologies and approaches available for implementing it. The literature survey revealed a variety of candidate technologies and approaches for a tunneling solution. After a comprehensive evaluation of these candidates, we chose XDP as the basis for our implementation. To evaluate the effectiveness of the tunneling application, we identified scalability, throughput, and latency as the major requirements. Using a purpose-built test bed, we simulated a realistic network scenario and evaluated a variety of network traffic types. The performance of the tunneling solution proved robust in all tested configurations and convincingly met the identified requirements. In our tests on a 1 Gbit link, the tunnel system consistently achieved a throughput of up to 317 Mbps, even under the challenging conditions of our virtual test bed, which offers no hardware support for XDP. Despite these limitations, the latency introduced by the tunnel remained remarkably low, consistently in the low microsecond range. This minimal processing latency in our test scenarios suggests that the application can scale with increasing complexity without adding significant latency. In the course of the evaluation, we also identified potential weaknesses both in our implementation and in the tunneling approach itself. Our findings serve not only as a survey of the current state of tunneling technologies but also provide insights for future research and development in this area.

Publication
University of Vienna