I have set up snort as an IDS on my linux system. Kippo honeypot is installed in my raspberry pi. Now whenever an attack is detected by snort, I want that attacker's IP to be redirected to kippo honeypot. How can we redirect malicious traffic to honeypot?
If you only have snort in IDS mode, you can't send packets to network from snort, you are totally transparent.
However, I would go for a different process polling log files, and sending packets in log with attacker IP as source and honeypot as destination.
If you are in IPS mode, it's possible to develop an active response with packet adaptation but it could be a little tricky. however, I would go with pooling anyway, and let snort just drop & report about the event.