IBM's Business Consulting Services unit plans to start offering an intrusion detection service that will masquerade as a group of servers on the network in order to trick hackers into revealing information about their attacks.
Code-named "Billy Goat," the service uses network virtualization technology developed by researchers at IBM's Zurich Research Lab, said Charles Palmer, a department group manager with IBM. "It creates a virtual environment of hundreds or thousands of servers, depending on your IP [Internet Protocol] space," he said. "It sits there and listens for traffic at all the IP addresses that don't exist."
Traffic that goes to these nonexistent computers is likely to be from sources that are either misconfigured or malicious, he said.
IP addresses are numbers used to identify computers on the Internet. Companies with a large number of computers are typically assigned a range of these unique addresses, many of which may not be used.
Billy Goat compiles information on what kinds of messages are sent to these fictional computers, he said. "Any time it sees traffic destined for one of those addresses, it responds and says, 'Yeah, that's me.'"
The software's monitoring technology can also be used as a network configuration tool, because it can find software and devices that have been misconfigured on the network, Palmer said. "You can find a lot of traffic that shouldn't be there, whether it's evil or not."
Billy Goat will be commercialized through the On Demand Innovation Services, which IBM describes as a "partnership between IBM Research and Business Consulting Services."
The service's code-name is a reference to the hapless goat used as dinosaur bait in the 1993 film Jurassic Park.
More information on Billy Goat can be found here