Re: HoneyPorts (again)

[Chris Benedict <chrisbdaemon () gmail com>]

My project is mostly working, https://github.com/chrisbdaemon/BearTrap.

I had to remove some of the functionality, but as a neat honeyport tool it
should work alright.  It just hasn't really been used much yet.

-Chris Benedict

On Thu, Jul 12, 2012 at 8:50 AM, Doug Burks <doug.burks () gmail com> wrote:

> Hi Anthony,
>
> If you're planning on using OSSEC anyway, could you just have OSSEC
> monitor IPTables for any DROPs?
>
> Example from
> http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html
> :
>
> # Configure RHEL IPTables firewall to log any dropped packets to
> /var/log/messages to be monitored by OSSEC
> iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "
>
> Thanks,
> Doug
>
> On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <anthony.kasza () gmail com>
> wrote:
> > Hi All,
> >
> > On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport
> > project. Does anyone know if the project took off? I'm attempting to
> > integrate the command line scripts that John and Paul talked about at
> > last year's DerbyCon (see slide 38) into OSSEC's active-response.
> >
> > -AK
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> Doug Burks
> http://securityonion.blogspot.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com