Honeypots mailing list archives
RE: Dmz single Ip
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Mon, 3 Mar 2003 22:30:59 -0500
A suggestion would be to implement the Bait N Switch System, which was just released last Monday. With the Bait N Switch System you can direct "hostile" traffic to your honeypots. All other valid traffic will go where it is intended to go. So a VALID SSH session (i.e., nothing looking suspicious) will go where intended (to reach your firewall, for example). Bait N Switch works great in 1 IP networks.

So you have:

Traffic -> Bad? --> YES --> Honeypot
                |
                --> NO -> Production Machine (your firewall)

Current setup requires iproute2, snort-1.9.0, and the bait n switch package.

[1] - http://www.snort.org/dl/snort-1.9.0.tar.gz
[2] - http://baitnswitch.sf.net && http://www.violating.us/projects/baitnswitch

PS: We will be upgrading Bait N Switch to work with the new release of snort 1.9.1.

Cheers!

---
Alberto Gonzalez, Intrusion Detection Engineer
EDS - Global Security Operations Center
Security and Privacy Professional Services

-----Original Message-----
From: faysspv () bellsouth net [mailto:faysspv () bellsouth net]
Sent: Monday, March 03, 2003 2:39 PM
To: honeypots () securityfocus com
Subject: Dmz single Ip

I've been kicking around the idea to set up a honeypot for some time. The only problem is I'm not sure how to keep my current test network running and implement a honeypot. The problem is I have only one IP address and I need to be able to access my firewall and honeypot from the same port 22. Any suggestions would be appreciated.