Re: problem with snort

[Sebastian Garcia <sgarcia () citefa gov ar>]

I think you are needing BaitnSwitch.

http://baitnswitch.sourceforge.net/

> From proyect site:

"Project Definition: The Bait and Switch Honeypot is a multifaceted
attempt to take honeypots out of the shadows of the network security
model and to make them an active participant in system defense. To do
this, we are creating a system that reacts to hostile intrusion attempts
by redirecting all hostile traffic to a honeypot that is partially
mirroring your production system.  Once switched, the would-be hacker is
unknowingly attacking your honeypot instead of the real data and your
clients and/or users still safely accessing the real system. Life goes
on, your data is safe, and you are learning about the bad guy as an
added benefit. The system is based on snort, linux's iproute2,
netfilter, and custom code for now. We plan on adding additional support
in the future if possible."

Cheers.

sebas



On Fri, 2005-06-03 at 08:02 -0700, tommy garsia wrote: 
> Hi all, 
>
> my name is tommy, and i want to develop a honeynet
> using 3 honeypots..
> i want to ask about the snort...
> how can i switch the connection from the outside when
> i know there is some threat to my system to the
> honeypot ip that i used..
> in this case my honeypot system's ip is 10.252.9.188..
> I want to switch the attacker connection to my
> honeypot system,..what should i do with my snort...
> is there any configuration that i must use?
>
> best regards,
>
>
> tommy
>
>
>               
> __________________________________ 
> Discover Yahoo! 
> Use Yahoo! to plan a weekend, have fun online and more. Check it out! 
> http://discover.yahoo.com/
-- 
Sebastian Garcia
Si6 - Laboratorio de Seguridad Informatica
CITEFA
San Juan B. de La Salle 4397 
B1603ALO Villa Martelli - Pcia. Bs. As.
Tel: (54-11) 4709-8289 
e-mail: sgarcia () citefa gov ar - www.citefa.gov.ar/si6/
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x4305E810