Snort mailing list archives
Re: LaBrea
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 05 Jun 2002 18:30:05 -0500
On Wed, 2002-06-05 at 15:54, Hugo Ferr wrote:
> I know it's out of the topic... but information on the web is very limited regarding the LaBrea program, and I'm just looking for someone who implemented it and who is able to provide some feedback, starting from "does it really stop scans (makes them really slow)?", etc.
I have an installation where LaBrea is running beautifully. The box is running NT4 with FW-1 and LaBrea. It works great and slows scanners down a bit, so that Snort (sniffing the external side) can detect them and block them with SnortSam (running on the box). The only complaint is that LaBrea's logging clutters up the EventLog, but who reads that anyway. The Eventlogs get pumped with Eventreporter to a syslog server, and the data gets massaged and filtered there.

Regards,
Frank