From: Dell, Jeffrey (JDell_at_seisint.com)
Date: Thu Jan 09 2003 - 08:27:56 CST
If you are looking for information about Snort-Inline, check out "GenII Data
Control for Honeynets" at
South Florida Honeynet Project
From: Pig Monkey [mailto:pig.monkeygte.net]
Sent: Wednesday, January 08, 2003 5:52 PM
Subject: Re: Linux Snort-Inline Toolkit
There's a tidbit more information that I found useful here (under
Modifying the activity is a really interesting approach to me (I'm just
starting to get interested in Honeypot/nets). Of course, anything is better
than just dropping outbound connections after so many times.
On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
> The Honeynet Project has been working with IDS Gateway technology
> for use as a Data Control mechanism. As many of you know, an IDS
> gateway combines the detection capability of a traditional NIDS,
> but adds the filtering capability of a firewall.
> One such example is Snort-Inline, a modified version of Snort 1.9.
> Developed by Jed Haile, this patched version of Snort can not only
> detect malicious activity, but Drop or even Modify it.
> To help promote the understanding and development of Snort-Inline, the
> Honeynet Project has released the Linux Snort-Inline Toolkit. This
> toolkit has a statically precompiled Snort-Inline binary for Linux,
> documentation, and a rules converter script. You can find the toolkit
> at the Honeynet Tools section.
> As always, input and suggestions appreciated.