My main concerns regarding the LaBrea are the followings:
1. Nessus scanner has a setting "Scan for Labrea tarpitted hosts", and I
think I nessus knows how to bypass it so at least from that point of view
nessus renders Labrea useless (just may guess, correctme if I wrong)
2. LaBrea takes a hold of free addresses in ip range and maek them appear as
bogus virtual hosts. I have 3 devices assigned public ip address and 10
devices NATed from reserved IPs to Public IPs...how Labrea will figure out
that there are NATed addresses on the subnet, cause if it won't figure it
out then traffic will be 'redirected to Labrea instead of legal hosts.
Thos are my main concerns, some comments please?
----- Original Message -----
From: "Fyodor" <fygravetigerteam.net>
To: "Hugo Ferr" <snortgrphotmail.com>
Cc: <snort-userslists.sourceforge.net>
Sent: Wednesday, June 05, 2002 10:11 PM
Subject: Re: [Snort-users] LaBrea

> Hugo Ferr <snortgrphotmail.com> spoke:
> > I know it's out of the topic...but information on the web is vey limited
> > regarding the LaBrea program, and I just looking for someone who
implemented
> > it and who is able to provide some feedback, starting from "does it
really
> > stop scans (makes them really slow)?"..etc
>
> Not really much of slow-down for the syn scans, but it does confuse things
quite a bit ;-p
>

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]