Honeypots mailing list archives
RE: Honeynet using a Netscreen?
From: "Dell, Jeffrey" <JDell () seisint com>
Date: Tue, 17 Dec 2002 18:55:07 -0500
In version 4.01r1 of the Netscreen firmware there are some new features that are nice for honeynets.

1. Source-Based Session Limiting - limit the number of sessions from any one server. Ex: you can set it so a server can only initiate 1 session per second
2. Destination-Based Session Limiting - limit the number of outbound sessions per second
3. Alert but don't drop rule - This is good to be notified of an attack, but still let it through
4. It also has a slew of other filtering options for inbound or outbound traffic.

You also might want to check out snortsam at http://www.snortsam.net/. It works with Netscreen firewalls as well. Snortsam automates the blocking of IP addresses based on Snort rules.

Enjoy!
Jeff

-----Original Message-----
From: Compton, Rich [mailto:RCompton () chartercom com]
Sent: Monday, December 16, 2002 10:44 AM
To: honeypots () securityfocus com
Subject: Honeynet using a Netscreen?

Has anyone ever created a honeynet using a Netscreen firewall? I'd like to be able to limit the number of from the honeypot out to the internet and I was wondering if someone has come up with such a config. I know that the throughput can be limited using a Netscreen but I haven't ever seen a config that will prevent access after a few sessions.

Thanks in advance,
Richard Compton