Re: Hi: ftp fake and real

[<perrieror () ssginfo montclair edu>]

Why are you redirecting the user to a fake ftp server? are you trying to
log their attack or are you trying to stop them from attacking your real
ftp server? if you are simply trying to stop them, why don't you configure
snort to block their ip or have snort kick them off of the ftp?

Robert Perriero
Montclair State University
Systems and Security Group

> Note:my earnest request, plz dont display my email id
> in mailing list
>
> Hi,
>    i have a problem. i have two servers, real ftp and
> fake ftp. and all the ftp requests are directed to
> real ftp until the user is declared an attacker by
> Snort. When the snort declares that the user is an
> attacker, the attacker is directed to the fake ftp
> server. Now the problem is, how do i start the fake
> ftp session from where he left the real ftp session.
> or is there any other method for tackling with
> attackers using fake services.
>  waiting for a prompt reply,
> Bye
>
>
>
> =====
> ----------------------------------------------------------------------------------------------------------------------
> Your Attitude decides your Altitude. You are what you choose to be.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com