Snort mailing list archives
Re: Question on snort redirecting
From: "Jack Whitsitt (jofny)" <seclists () violating us>
Date: Wed, 4 Feb 2004 08:38:44 -0500 (EST)
http://www.violating.us/projects/baitnswitch This will redirect traffic to another box...but it's set up particularly to be used with honeypots (per your honeyd question - I think this works fine with honeyd. Im in the process of testing it now). Current version is patched against Snort 2.0.2, but I have a version that uses Barnyard that I can send you if you use a different snort version and are unwilling/unable to revise the patch against your preferred version. We're looking at, speculatively, an early April release date for something that's a bit easier to use... -Jack
Hi All, Can snort redirect packet or traffic to other computer? My case is: Attacker->linux box(with snort)----Internal(computer A and B) Suppose an attacker is to attack my linux box. Can I forward the attacker's traffic to computer A in my Intarnet? At the same time, normal traffic to computer B? As you know, I don't know the attacker's IP before it attack. How can I redirect it? Do I need to read from the snort database? Can snort know how to redirect? or Do I need to write some scripts? Many Thanks! Best, Fred _________________________________________________________ ¥²±þ§Þ¡B¶¼ºq¡B¤p¬P¬P... ®öº©¹aÁn ±¡¤ß³sô http://ringtone.yahoo.com.hk/ ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question on snort redirecting WAN FAT WU (Feb 04)
- Re: Question on snort redirecting Jack Whitsitt (jofny) (Feb 04)
- Re: Question on snort redirecting Owen McCusker (Feb 04)
- Re: Question on snort redirecting Matt Kettler (Feb 04)