Sinkholing is one technique that lets security researchers and responders monitor botnets and proactively deny botnet herders access to their bots. Until the release of HoneySink, all sinkhole deployments had been point solutions with varying degrees of sophistication. All of them were in-house efforts, ranging from setups consisting of DNS plus Apache to full-blown setups like the one Shadowserver employs.

HoneySink was developed by Adam as part of GSoC 2011.



Homepage is available here: https://redmine.honeynet.org/projects/sinkhole