Security Basics mailing list archives

Re: [Snort-inline-users] Re: attack redirection


From: Lance Spitzner <lance () honeynet org>
Date: Sun, 18 May 2003 19:42:04 -0500 (CDT)

On Sun, 18 May 2003, Ray Stirbei wrote:


Forescout (http://www.forescout.com/index.html) sells a product that works
with commercial firewall and IPS vendors.  It detects all kinds of scans and
returns dummy server information. Then any traffic to these dummy servers can
be filtered. You can replace the dummy server addresses with your
honeypot(s).

I agree this would be a great feature to snort and I have copied the
snort-inline list.
Best regards

       I'm looking for some program to redirect an attack on my web server
to a honeypot. Maybe triggered by number of hits in a given time or by
certain requests. Does such a thing exist? Where can I get it? Or would I
have to write some kind of script?

There is already something similar to this, called Bait-n-Switch.
While very beta, you may want to check it out.

    http://violating.us/projects/baitnswitch/

lance

