IBM plans to start offering an intrusion detection service that will masquerade as a group of servers on the network in order to trick hackers into revealing information about their attacks.
Code-named "Billy Goat," the service uses network virtualisation technology developed by researchers at IBM's Zurich Research Lab, said Charles Palmer, a department group manager with IBM. "It creates a virtual environment of hundreds or thousands of servers, depending on your IP space," he said. "It sits there and listens for traffic at all the IP addresses that don't exist."
Traffic that goes to these non-existent computers is likely to be from sources that are either misconfigured or malicious, he said.
Billy Goat compiles information on what kinds of messages are sent to these fictional computers, he said. "Any time it sees traffic destined for one of those addresses, it responds and says, 'Yeah, that's me.'"
The software's monitoring technology can also be used as a network configuration tool, because it can find software and devices that have been misconfigured on the network, Palmer said. "You can find a lot of traffic that shouldn't be there, whether it's evil or not."
Billy Goat will be commercialised through the On Demand Innovation Services, which IBM describes as a "partnership between IBM Research and (IBM) Business Consulting Services."
The service's code-name is a reference to the hapless goat used as dinosaur bait in the 1993 film Jurassic Park.