Re: [Snort-inline-users] Redirect traffic

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

you shouldn't have to patch anything, just look at the README.INLINE.
This functionality is already built into the snort_inline source code.
 The patch you are talking about is for the bns project from the
violating.us guy's.  You don't need to apply this patch you only need
to download snort-inline-2.4.4-final and see the README.INLINE and the
snort_inline.conf to see how to use bait-and-switch.

download the source from

http://snort-inline.sourceforge.net/download.html

Regards,

Will

On 5/7/06, ikami <ik...@ya...> wrote:
>
> One question: Bait and Switch HoneyPot only works with snort.1.9.1?
> When I tried to install it (on step 3) it asks for the archive bns.diff. =
I
> write the path of the bns.diff and an ERRO occurs
> Copy of the ERRO:
>
> 1) Set Up Routing Tables. (**RUN ONCE PER MACHINE**)
>  2) Configuration
>  3) Patch Snort (ONLY AFTER OPTION 2)
>  4) Exit
>  Your Choice: 3
>
>  Path to bns.diff (ie: /root/bns/snort/bns.diff)
> /usr/local/ids/bns/snort/bns.diff
> patching file src/Makefile.in
> Hunk #1 FAILED at 170.
> 1 out of 1 hunk FAILED -- saving rejects to file src/Makefile.in.rej
> patching file src/output-plugins/Makefile.am
> Hunk #1 FAILED at 9.
> 1 out of 1 hunk FAILED -- saving rejects to file
> src/output-plugins/Makefile.am.rej
> patching file src/output-plugins/Makefile.in
> Hunk #1 FAILED at 90.
> Hunk #2 FAILED at 106.
> 2 out of 2 hunks FAILED -- saving rejects to file
> src/output-plugins/Makefile.in.rej
> patching file src/output-plugins/spo_alert_bns.c
> patching file src/output-plugins/spo_alert_bns.h
> patching file src/plugbase.c
> Hunk #1 succeeded at 110 with fuzz 2 (offset 7 lines).
> Hunk #2 FAILED at 153.
> 1 out of 2 hunks FAILED -- saving rejects to file src/plugbase.c.rej
>  done patching...
>  exit or menu [e/m]:
>
> I am asking on version of snort because there is a directory called 'snor=
t',
> where the bns.diff is located. In that directory ,snort, there is another
> direcrory called ' non-production' and inside of it are the following
> archives:
> bns-snort-1.9.0.diff
> bns-snort.1.9.1.diff
> spo_alert_bns.c
> spo_alert_bns.h
>
> I have the snort-2.4.4.
>
> Again, sorry for the errors of English.
>
> Thanks
>
>
> Will Metcalf <wil...@gm...> escreveu:
>
> download the tarball, look at the doc/README.INLINE in the source
> file. It discusses how to use bait-and-switch to accomplish this.
>
> Regards,
>
> Will
>
> On 5/6/06, ikami wrote:
> >
> > Hi guys,
> > Sorry for my english but I`m good on it. I just know to read in english
> and
> > thus very badly.
> > I have 2 weeks to finish a project and I don`t know how to do one thing=
. I
> > have a network with 3 machines. 1) Router with snort and iptables, 2) W=
eb
> > server 3) honeypot.
> > My problem is: I want to redirect all the malicious traffic to the
> honeypot
> > insted of the web server. Searching for a solution on GOOGLE I found th=
e
> > snort_inline project. My doubt now is: Snort_inline can do this redirec=
t?
> If
> > yes any one can explain me how?
> >
> > Thanks
> >
> >
> >
> >
> > ________________________________
> > Yahoo! Search
> > Imposto de Renda 2006: o prazo est=E1 acabando. Fa=E7a j=E1 a sua decla=
ra=E7=E3o no
> > site da Receita Federal.
> >
> >
>
>
>
>
>  ________________________________
>  Abra sua conta no Yahoo! Mail - 1GB de espa=E7o, alertas de e-mail no ce=
lular
> e anti-spam realmente eficaz.
>
>