From: Dell, Jeffrey (JDell_at_seisint.com)
Date: Thu Jan 09 2003 - 08:27:56 CST

    If you are looking for information about Snort-Inline check out "GenII Data
    Control for Honeynets" at
    http://www.sfhn.org/whites/gen2.html

    Jeff Dell
    South Florida Honeynet Project

    -----Original Message-----
    From: Pig Monkey [mailto:pig.monkeygte.net]
    Sent: Wednesday, January 08, 2003 5:52 PM
    To: honeypotssecurityfocus.com
    Subject: Re: Linux Snort-Inline Toolkit

    There's a tidbit more information that I found useful here (under
    GenII):
    http://project.honeynet.org/papers/honeynet/

    Modifying the activity is a really interesting approach to me (I'm just
    starting to get interested in Honeypot/nets). Of course, anything is better
    than just dropping outbound connections after so many times.

    On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
    > The Honeynet Project has been working with IDS Gateway technology
    > for use as a Data Control mechanism. As many of you know, an IDS
    > gateway combines the detection capability of a traditional NIDS,
    > but adds the filtering capability of a firewall.
    >
    > One such example is Snort-Inline, a modified version of Snort 1.9.
    > Developed by Jed Haile, this patched version of Snort can not only
    > detect malicious activity, but Drop or even Modify it.
    >
    > To help promote the understanding and development of Snort-Inline, the
    > Honeynet Project has released the Linux Snort-Inline Toolkit. This
    > toolkit has a statically precompiled Snort-Inline binary for Linux,
    > documentation, and a rules converter script. You can find the toolkit
    > at the Honeynet Tools section.
    >
    > http://www.honeynet.org/papers/honeynet/tools/
    >
    > As always, input and suggestions appreciated.
    >
    > Thanks!