
Security Basics mailing list archives
Re: [Snort-inline-users] Re: attack redirection
From: Jed Haile <jhaile () nitrodata com>
Date: Mon, 19 May 2003 08:55:04 -0600
Snat and dnat rule keywords have been on my to do list for inline snort for a long time. When used in a rule, snat or dnat would allow you to do source or destination routing (via iptables) when a rule is triggered. This would allow you to redirect interesting stuff to a honeypot.
Jed

On Sunday, May 18, 2003, at 06:42 PM, Lance Spitzner wrote:
> On Sun, 18 May 2003, Ray Stirbei wrote:
>
> > Forescout (http://www.forescout.com/index.html) sells a product that works with commercial firewall and IPS vendors. It detects all kinds of scans and returns dummy server information. Then any traffic to these dummy servers can be filtered. You can replace the dummy server addresses with your honeypot(s). I agree this would be a great feature to snort and I have copied the snort-inline list.
> >
> > Best regards
> >
> > > I'm looking for some program to redirect an attack on my web server to a honeypot. Maybe triggered by number of hits in a given time or by certain requests. Does such a thing exist? Where can I get it? Or would I have to write some kind of script?
>
> There is already something similar to this, called Bait-n-Switch. While very beta, you may want to check it out.
>
> http://violating.us/projects/baitnswitch/
>
> lance
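The two triggers asked about in this thread (hits in a given time, or certain requests) feeding an iptables DNAT redirect to a honeypot, as an added example that is not code from any poster, from snort-inline or from Bait-n-Switch. The honeypot address, thresholds, request substrings and function names are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

HONEYPOT = "192.0.2.50"          # assumed honeypot address (documentation range)
MAX_HITS, WINDOW = 5, 10         # assumed threshold: more than 5 hits in 10 s
SUSPICIOUS = ("cmd.exe", "../")  # assumed request substrings that trigger redirection

def sources_to_redirect(events):
    """events: (unix_time, src_ip, request_path) tuples sorted by time.
    Returns {src_ip: reason} for every source that tripped a trigger."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, path in events:
        if src in flagged:
            continue
        if any(s in path for s in SUSPICIOUS):
            flagged[src] = "request"
            continue
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] >= WINDOW:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) > MAX_HITS:
            flagged[src] = "rate"
    return flagged

def dnat_rule(src, port=80):
    """Build the iptables argv that sends this source's web traffic to the honeypot.
    Assumes it runs on a Linux gateway in front of both web server and honeypot.
    NAT rules are evaluated for new connections only, so a connection that is
    already established keeps its original destination."""
    # The address comes from logs; reject anything that is not a plain IPv4
    # address before it gets near a command line (raises ValueError).
    src = str(ipaddress.IPv4Address(src))
    return ["iptables", "-t", "nat", "-I", "PREROUTING", "-s", src,
            "-p", "tcp", "--dport", str(port),
            "-j", "DNAT", "--to-destination", f"{HONEYPOT}:{port}"]

# Constructed sample events: one noisy source, one suspicious request, one normal client.
SAMPLE = sorted([(t, "198.51.100.7", "/index.html") for t in range(6)]
                + [(3, "203.0.113.9", "/scripts/cmd.exe")]
                + [(t, "198.51.100.20", "/") for t in (0, 20, 40)],
                key=lambda e: e[0])

if __name__ == "__main__":
    for src, reason in sources_to_redirect(SAMPLE).items():
        print(reason, " ".join(dnat_rule(src)))
```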