Re: Linux Snort-Inline Toolkit

[Pig Monkey <pig.monkey () gte net>]

There's a tid bit more information that I found useful here (under
GenII):
http://project.honeynet.org/papers/honeynet/

Modifing the activity is a really interesting approach to me (I'm just
starting to get interested in Honeypot/nets). Of course, anything is
better than just dropping outbound connection after so many times.

On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
> The Honeynet Project has been working with IDS Gateway technology 
> for use as a Data Control mechanism.  As many of you know, an IDS 
> gateway combines the detection capability of a traditional NIDS, 
> but adds the filtering capability of a firewall.
>
> Once such example is Snort-Inline, a modified version of Snort 1.9.
> Developed by Jed Haile, this patched version of Snort can not only
> detect malicious activity, but Drop or even Modify it.
>
> To help promote the understanding and development of Snort-Inline,
> the Honeynet Project has released the Linux Snort-Inline Toolkit.
> This toolkit has a statically precompiled Snort-Inline binary for
> Linux, documentation, and a rules converter script.  You can find
> the toolkit at the Honeynet Tools section.
>
>     http://www.honeynet.org/papers/honeynet/tools/
>
> As always, input and suggestions appreciated.
>
> Thanks!