[Labrea-users] TR: La Brea vs Dhcp
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
[Labrea-users] TR: La Brea vs Dhcp
|
From: Gordon, L. <Lor...@te...> - 2004-02-26 19:11:51
|
Interesting question ... lorgor -----Message d'origine----- De : Michael Envoy=E9 : 25 ao=FBt, 2003 15:40 =C0 : 'Gordon, Loren' Objet : RE: La Brea Loren, thanks for your reply. Sorry to hear LaBrea won't handle DHCP. Maybe in = the furure(hint hint). Would it be possible to have Labrea poll the DHCP = server for the ip addresses in use at that moment and then eliminate them from = the list of ip's it "camps" on? I'm thinking LaBrea could be a very = valuable tool to entriprise networks and ISP's. These days DHCP is the default = in large networks. iwas hoping to present this to my bosses at work who = have been going nuts because of all the port scan activity lately on our networks. Anyway thanks for your reply and congrats on a very sweet = tool. Mike -----Original Message----- From: Gordon, Loren Sent: Monday, August 25, 2003 6:25 AM To: Michael Subject: RE: La Brea LaBrea and dhcp don't live too well together. LaBrea "camps on" the = unused IPs and the Dhcp server blithely allocates them. Or worse yet, pings = them and discovers "something" is there. Better to allocate Dhcp to some = range of addresses and let LaBrea handle some other range of addresses. The question about multiple subnets is a good one. I don't think Labrea = in its current form will handle more than 1 subnet (IE capture range) per = NIC. If multiple NICs were used, or possible aliases on the same NIC, I = think multiple instances of Labrea would be required. However I have never = heard of anyone running multiple Labreas in the same machine. Some other quick thoughts / info. Have you looked at honeyd? Secondly, labrea-beta is almost to stable code. Have been too busy to get it done completely. Might be a better choice for you than current = labrea-stable. loren -----Message d'origine----- De : Michael Envoy=E9 : 24 ao=FBt, 2003 15:29 =C0 : 'lo...@us...' Objet : La Brea Our users have dynamic ip addresses. Could LaBrea be configured to dynamically "tarpit" only the unused ip's at that moment? Also, we use multiple subnets and lots of different masks to seperate users of = different types. Would multiple nic's be needed for each subnet or could LaBrea = handle perhaps thousands of available (unused) ip addresses on hundreds of = subnets? I know this is asking alot but I'd be interested in knowing if one huge beast of a machine with multiple eth connections (like a Sun Box) could handle this. Thanks. BTW, I really love this idea. LaBrea is brilliant. Mike |
