Honeypots mailing list archives
Re: Hi: ftp fake and real
From: <perrieror () ssginfo montclair edu>
Date: Sat, 25 Jan 2003 11:59:46 -0500 (EST)
Why are you redirecting the user to a fake ftp server? are you trying to log their attack or are you trying to stop them from attacking your real ftp server? if you are simply trying to stop them, why don't you configure snort to block their ip or have snort kick them off of the ftp? Robert Perriero Montclair State University Systems and Security Group
Note:my earnest request, plz dont display my email id in mailing list Hi, i have a problem. i have two servers, real ftp and fake ftp. and all the ftp requests are directed to real ftp until the user is declared an attacker by Snort. When the snort declares that the user is an attacker, the attacker is directed to the fake ftp server. Now the problem is, how do i start the fake ftp session from where he left the real ftp session. or is there any other method for tackling with attackers using fake services. waiting for a prompt reply, Bye ===== ---------------------------------------------------------------------------------------------------------------------- Your Attitude decides your Altitude. You are what you choose to be. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- Re: Hi: ftp fake and real perrieror (Jan 25)