Honeypots mailing list archives
RE: About Data Control
From: mike () honeynet org
Date: Fri, 17 Jan 2003 14:39:45 -0500 (EST)
Not only can snort inline be used for that, but it is also used to make it more difficult to compromise other hosts from the honeynet. If an attacker launches an attack from the honeynet, snort inline will try to drop or modify the packet. This way we can increase the number of connections we allow out, since them getting an exploit out is less likely.

Mike Clark

On Fri, 17 Jan 2003, Gonzalez, Albert wrote:
Well, my honeypot is currently inside of my internal network. I have it on its own internal private subnet separated from all my other machines. I have my gateway limit X connections per X minutes/seconds outbound from my honeypot. Thus if my machine does get breached while I'm not watching (which usually happens) the attacker can't do much with the limitations I impose. (I've even had them to the point of rm'ing my machine :( ).

The Honeynet Project (correct me if I'm wrong) is trying to use snort-inline to block the "stupid" attacks (i.e. CodeRed, IIS Unicode, etc.) and other well known attacks to see if they can get something new. Which is a great idea.

HTH.

Cheers!
Alberto Gonzalez.
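The gateway-side limit of "X connections per X minutes/seconds" discussed in this thread can be modelled as a sliding-window counter per honeypot address. This is an added example, not code from the posters or from the Honeynet Project; the class name, the limit of 3 per 60 seconds, and the addresses (documentation ranges) are assumptions, and the packet inspection done by snort inline is not modelled.

```python
from collections import deque


class OutboundLimiter:
    """Allow at most `limit` new outbound connections per `window` seconds
    for each honeypot source address; anything beyond that is dropped."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.allowed = {}  # source address -> timestamps of allowed connections

    def decide(self, ts, src):
        q = self.allowed.setdefault(src, deque())
        # Forget connections that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) < self.limit:
            q.append(ts)
            return "ALLOW"
        # Dropped attempts are not counted, so the window always reopens.
        return "DROP"


def replay(events, limit, window):
    """Run a list of (timestamp, src, dst) connection attempts through the
    limiter and return the decision for each, in order."""
    limiter = OutboundLimiter(limit, window)
    return [(ts, src, dst, limiter.decide(ts, src)) for ts, src, dst in events]


def first_drop(results):
    """Timestamp at which the limit was first hit (a good alert trigger),
    or None if nothing was dropped."""
    return next((ts for ts, _, _, verdict in results if verdict == "DROP"), None)


# Constructed sample: a honeypot at 10.0.0.5 opens a burst of outbound
# connections, then tries again after the window has passed.
EVENTS = [
    (0, "10.0.0.5", "192.0.2.10:21"),
    (5, "10.0.0.5", "192.0.2.10:80"),
    (6, "10.0.0.5", "198.51.100.1:80"),
    (7, "10.0.0.5", "198.51.100.2:80"),
    (8, "10.0.0.5", "198.51.100.3:80"),
    (70, "10.0.0.5", "192.0.2.10:21"),
]

if __name__ == "__main__":
    for row in replay(EVENTS, limit=3, window=60):
        print(*row)
```

The first dropped attempt is also the point at which the honeypot operator would want to be notified, since it means the limit has been reached while nobody may be watching.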