[Labrea-users] Multiple versions/instances of Labrea
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
[Labrea-users] Multiple versions/instances of Labrea
|
From: Pierce, R. <rdp...@pr...> - 2004-07-29 23:28:59
|
Loren, =20 I'm wondering how one can run multiple copies of Labrea on the same network. =20 Ideally, to tarpit worms the quickest, you'd have a tarpit on every subnet since worms typically start out by portscanning their local subnet and moving outwards from there. However, since Labrea uses the same MAC address for all captured hosts, you'd end up with the same MAC out different interfaces of your switches and conflicting entries in your FDB's. =20 I know Labrea can be configured to use various interfaces on a box, can it be configured to return a different MAC address rather than the 0:0:f:ff:ff:ff one? =20 Thanks, =20 Bob Pierce |
