From: Dell, Jeffrey (JDell_at_seisint.com)
Date: Thu Jan 09 2003 - 08:27:56 CST
If you are looking for information about Snort-Inline check out "GenII Data
Control for Honeynets" at
http://www.sfhn.org/whites/gen2.html
Jeff Dell
South Florida Honeynet Project
-----Original Message-----
From: Pig Monkey [mailto:pig.monkey@gte.net]
Sent: Wednesday, January 08, 2003 5:52 PM
To: honeypots@securityfocus.com
Subject: Re: Linux Snort-Inline Toolkit
There's a tidbit more information that I found useful here (under
GenII):
http://project.honeynet.org/papers/honeynet/
Modifying the activity is a really interesting approach to me (I'm just
starting to get interested in Honeypot/nets). Of course, anything is better
than just dropping outbound connections after so many times.
On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
> The Honeynet Project has been working with IDS Gateway technology
> for use as a Data Control mechanism. As many of you know, an IDS
> gateway combines the detection capability of a traditional NIDS,
> but adds the filtering capability of a firewall.
>
> One such example is Snort-Inline, a modified version of Snort 1.9.
> Developed by Jed Haile, this patched version of Snort can not only
> detect malicious activity, but Drop or even Modify it.
>
> To help promote the understanding and development of Snort-Inline, the
> Honeynet Project has released the Linux Snort-Inline Toolkit. This
> toolkit has a statically precompiled Snort-Inline binary for Linux,
> documentation, and a rules converter script. You can find the toolkit
> at the Honeynet Tools section.
>
> http://www.honeynet.org/papers/honeynet/tools/
>
> As always, input and suggestions appreciated.
>
> Thanks!