[Labrea-users] Using labrea outside a firewall infront of a class B network.
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
[Labrea-users] Using labrea outside a firewall infront of a class B network.
|
From: Royston B. <Bo...@li...> - 2004-05-01 04:52:46
|
Hi, We are in the unenviable position of having a Class B network at the end of a 1Mb/s frame circuit. I would like to use labrea infront of my firewall. I've been testing honeyd, and it can only respond to traffic that is ARPd for on the small (/24) network in front of the firewall. I guess this is the same for labrea. So I wondered what other people did? Our firewall is a netscreen appliance, and I would rather not route the scanning traffic through the firewall just to tarpit it as then I'll probably run out of sessions rather than bandwidth. I had hoped there might be something I could do with labrea, in a promiscous mode to hijack traffic destined for the firewall and tarpitting the connection, or failing that perhaps using snort with some kind of sticking flex response, but I didn't find one. Anyone got any ideas? Regards Royston |
