Honeypots mailing list archives

Re: Planning question

From: "Rodney Green" <rgreen () trayerproducts com>
Date: Tue, 3 Jun 2003 09:32:03 -0400

Your honeynet should be outside of your firewall and yes, ACLs on a router
or firewall are necessary. You'll also want to make sure that your honeyenet
machines can't be used as a launchpads for attacking other networks. You
would probably also do this with ACLs. I'm sure others on the list will have
more information on this.

Rod



----- Original Message -----
From: <Piotr.Linke () nokia com>
To: <honeypots () securityfocus com>
Sent: Tuesday, June 03, 2003 8:52 AM
Subject: Planning question


Hi all!

I'm going to set up a honeynet with few operating systems (Unix, Solaris,
2000, Redhat) and two types of IDSes - Snort and RealSecure. How can I
prevent an intruder from attacking other hosts from my honeypots after
compromising them? Should I set some ACLs on router or firewall?

Please advise,

Piotr.

Current thread:

Planning question Piotr.Linke (Jun 03)
- Re: Planning question Rodney Green (Jun 03)
- Re: Planning question Richard Stevens (Jun 03)
- Re: Planning question Davide Del Vecchio (Jun 03)
- <Possible follow-ups>
- Re: Planning question Garrett Sinfield (Jun 03)