Security Basics mailing list archives
Re: attack redirection
From: "Daniel B. Cid" <danielcid () yahoo com br>
Date: 20 May 2003 10:46:36 -0400
You can use Snort+Guardian to do this work for you. You only need to add in the "guardian_block" script your redirection rule (using iptables, ipf, pf, route...).

[]`s

Daniel B. Cid
daniel () underlinux com br

On Sat, 2003-05-17 at 13:36, Andy Cuff [talisker] wrote:

Hi Andrew

What I suspect you are looking for is "bait n switch" check out http://violating.us/projects/baitnswitch/

<snip>
The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users still safely accessing the real system. Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on snort, linux's iproute2, netfilter, and custom code for now. We plan on adding additional support in the future if possible.
</snip>

Lance Spitzner got quite excited about this at CanSecWest, but then again I have never seen Lance (The HoneyAmbassador) not excited ;o) Sadly his presentation isn't up on the CanSecWest resources for download yet.

My main concern about this technology is an increase in latency after the traffic is switched, not so much of a problem where the honeypot is local but potentially noticeable where a managed service honeypot is being used.

hope this helps
take care
-andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk

----- Original Message -----
From: "Andrew Elmore" <andrew.elmore () cyber-south com>
To: <security-basics () securityfocus com>
Sent: Friday, May 16, 2003 3:38 PM
Subject: attack redirection

Hey guys,

I'm looking for some program to redirect an attack on my web server to a honeypot. Maybe triggered by number of hits in a given time or by certain requests. Does such a thing exist? Where can I get it? Or would I have to write some kind of script?

Thanks for your help.
Andy
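
One way to write the redirection rule suggested in the reply above, as an added example that is not part of the original thread or of Guardian's own scripts. It assumes the block script is called with the source IP and the interface as its two arguments; the honeypot address, the whitelist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a guardian_block-style hook that redirects instead of dropping.
# Assumptions: called as "<script> <source-ip> <interface>"; HONEYPOT_IP and
# WHITELIST are constructed values; the honeypot mirrors the web server on tcp/80.
HONEYPOT_IP="${HONEYPOT_IP:-192.0.2.50}"
WHITELIST="${WHITELIST:-192.0.2.1 192.0.2.10}"   # hosts that must never be switched
DRY_RUN="${DRY_RUN:-1}"                          # 1 = print the rule, do not apply it

# Strict dotted-quad check, so alert-derived input cannot smuggle iptables options.
valid_ipv4() {
    case "$1" in ""|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

is_whitelisted() {
    for w in $WHITELIST; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# Print the DNAT rule for one source; status 2 = bad input, 3 = whitelisted host.
redirect_rule() {
    src=$1; iface=$2
    valid_ipv4 "$src" || { echo "rejected source: $src" >&2; return 2; }
    case "$iface" in ""|-*|*[!A-Za-z0-9._-]*) return 2 ;; esac
    if is_whitelisted "$src"; then
        echo "refusing to redirect whitelisted host $src" >&2; return 3
    fi
    # nat/PREROUTING is consulted for new connections only: sessions already
    # established with the real server stay there until they end.
    echo "iptables -t nat -I PREROUTING -i $iface -s $src -p tcp --dport 80" \
         "-j DNAT --to-destination $HONEYPOT_IP:80"
}

apply_redirect() {
    rule=$(redirect_rule "$1" "$2") || return $?
    if [ "$DRY_RUN" = 1 ]; then echo "$rule"; else $rule; fi
}

# Run only when invoked with arguments, as the hook would be.
[ $# -lt 2 ] || apply_redirect "$1" "$2"
```

The whitelist matters because the trigger is an IDS alert on a source address that may be spoofed or shared; without it a false positive could switch a gateway or monitoring host to the honeypot.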