Menu
▾
▴
Re: [Snort-inline-users] Re: attack redirection
|
From: Willi W. <Wil...@ma...> - 2003-06-20 10:11:21
|
Snat and dnat rule keywords have been on my to do list for inline snort for a long time. When used in a rule, snat or dnat would allow you to do source or destination routing (via iptables) when a rule is triggered. This would allow you to redirect interesting stuff to a honeypot. Jed On Sunday, May 18, 2003, at 06:42 PM, Lance Spitzner wrote: > On Sun, 18 May 2003, Ray Stirbei wrote: > >> >> Forescout ( http://www.forescout.com/index.html) sells a product that >> works >> with commercial firewall and IPS vendors. It detects all kinds of >> scans and >> returns dummy server information. Then any traffic to these dummy >> servers can >> be filtered. You can replace the dummy server addresses with your >> honeypot(s). >> >> I agree this would be a great feature to snort and I have copied the >> snort-inline list. >> Best regards > >>> I'm looking for some program to redirect an attack on my web >>> server >>> to a honeypot. Maybe triggered by number of hits in a given time or >>> by >>> certain requests. Does such a thing exist? Where can I get it? Or >>> would I >>> have to write some kind of script? > > There is already something similar to this, called Bait-n-Switch. > While very beta, you may want to check it out. > > http://violating.us/projects/baitnswitch/ > > lance > > > > ------------------------------------------------------- > This SF.net email is sponsored by: If flattening out C++ or Java > code to make your application fit in a relational database is painful, > don't do it! Check out ObjectStore. Now part of Progress Software. > http://www.objectstore.net/sourceforge > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ---------------------------------------------------------------------------- |
