From: Christian K. <Chr...@ku...> - 2003-06-20 10:18:23
|
On Sun, 18 May 2003, Ray Stirbei wrote: > > Forescout ( http://www.forescout.com/index.html) sells a product that works > with commercial firewall and IPS vendors. It detects all kinds of scans and > returns dummy server information. Then any traffic to these dummy servers can > be filtered. You can replace the dummy server addresses with your > honeypot(s). > > I agree this would be a great feature to snort and I have copied the > snort-inline list. > Best regards > > I'm looking for some program to redirect an attack on my web server > > to a honeypot. Maybe triggered by number of hits in a given time or by > > certain requests. Does such a thing exist? Where can I get it? Or would I > > have to write some kind of script? There is already something similar to this, called Bait-n-Switch. While very beta, you may want to check it out. http://violating.us/projects/baitnswitch/ lance --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ---------------------------------------------------------------------------- |