Re: [Labrea-users] LaBrea Configuration
From: Don M. <dmu...@od...> - 2005-03-19 16:09:02
Hi there. We have two tarpits on our University network, and I wrote about them for my GCFW practical assignment. We ended up using the manual configuration files for LB - it seemed to work much better, and we could write perl scripts to generate the files as needed.

See: http://www.giac.org/certified_professionals/practicals/gcfw/0528.php for my write up.

- djm -

********************************************************
Don Murdoch, CISSP
SANS: GCFW, GSEC, GCWN, GCUX, GCIH, GCIA

---...@li... wrote: -----

> LaBrea has been configured and running for quite a while on our
> corporate network. In the past few months, I've been working on a
> small project to figure out why a specific machine's IP address keeps
> getting captured by LaBrea. The machine is up and running all the
> time and is a production machine. The beauty of LaBrea is that it's
> not supposed to capture live IPs on machines. Well, as I was looking
> into that machine thinking it was something misconfigured on the
> machine itself, I reviewed the logs further and found other IPs from
> live machines on the network being captured.