Home page logo
/

basics logo Security Basics mailing list archives

Re: attack redirection
From: "Daniel B. Cid" <danielcid () yahoo com br>
Date: 20 May 2003 10:46:36 -0400

You can use Snort+Guardian to do this work for you. You only
need to add in the "guardian_block" script your redirection rule (using
iptables, ipf, pf, route...).

[]`s

Daniel B. Cid
daniel () underlinux com br

On Sat, 2003-05-17 at 13:36, Andy Cuff [talisker] wrote:
Hi Andrew
What I suspect you are looking for is "bait n switch" check out
http://violating.us/projects/baitnswitch/
<snip>
The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out
of the shadows of the network security model and to make them an active
participant in system defense. To do this, we are creating a system that
reacts to hostile intrusion attempts by redirecting all hostile traffic to a
honeypot that is partially mirroring your production system.  Once switched,
the would-be hacker is unknowingly attacking your honeypot instead of the
real data and your clients and/or users still safely accessing the real
system. Life goes on, your data is safe, and you are learning about the bad
guy as an added benefit. The system is based on snort, linux's iproute2,
netfilter, and custom code for now. We plan on adding additional support in
the future if possible.
</snip>
Lance Spitzner got quite excited about this at CanSecWest, but then again I
have never seen Lance (The HoneyAmbassador) not excited ;o)  Sadly his
presentation isn't up on the CanSecWest resources for download yet.

My main concern about this technology is an increase in latency after the
traffic is switched, not so much of a problem where the honeypot is local
but potentially noticeable where a managed service honeypot is being used.

hope this helps
take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message ----- 
From: "Andrew Elmore" <andrew.elmore () cyber-south com>
To: <security-basics () securityfocus com>
Sent: Friday, May 16, 2003 3:38 PM
Subject: attack redirection


Hey guys,
       I'm looking for some program to redirect an attack on my web server
to a honeypot. Maybe triggered by number of hits in a given time or by
certain requests. Does such a thing exist? Where can I get it? Or would I
have to write some kind of script?
Thanks for your help.

Andy


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register
Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault