From: Geoffrey Hing (hing cis.ohio-state.edu)
Date: Fri May 03 2002 - 05:00:30 CDT

I am building a honeynet using user-mode-linux and have gotten the
networking set up. Based on reading the UML documentation, I have the
networking configured to use tun/tap for networking between the physical
host and a virtual host acting as a gateway and the switch daemon to
network the virtual hosts. Now I am ready to start setting up the
firewall and the IDS (I plan to use snort), but I am unsure of where I
should do this. The obvious choice to me seems to be on the virtual
gateway. As far as I know, the physical host isn't able to see the
network traffic between the virtual hosts networked with the switch
daemon, so to see this traffic I should have the IDS on the virtual
gateway, which has both a tap interface and an interface that uses the
switch daemon. Similarly, since the virtual gateway is the gateway for
all the other honeypots, it seems the natural place to implement the
firewall rules. Does this seem right? Has anyone had better success
with other configurations using user mode linux?
Cheers,
Geoff