Honeypots mailing list archives
RE: Linux Snort-Inline Toolkit
From: "Dell, Jeffrey" <JDell () seisint com>
Date: Thu, 9 Jan 2003 09:27:56 -0500
If you are looking for information about Snort-Inline, check out "GenII Data Control for Honeynets" at http://www.sfhn.org/whites/gen2.html

Jeff Dell
South Florida Honeynet Project

-----Original Message-----
From: Pig Monkey [mailto:pig.monkey () gte net]
Sent: Wednesday, January 08, 2003 5:52 PM
To: honeypots () securityfocus com
Subject: Re: Linux Snort-Inline Toolkit

There's a tidbit more information that I found useful here (under GenII): http://project.honeynet.org/papers/honeynet/

Modifying the activity is a really interesting approach to me (I'm just starting to get interested in Honeypot/nets). Of course, anything is better than just dropping outbound connections after so many times.

On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
The Honeynet Project has been working with IDS Gateway technology for use as a Data Control mechanism. As many of you know, an IDS gateway combines the detection capability of a traditional NIDS, but adds the filtering capability of a firewall. One such example is Snort-Inline, a modified version of Snort 1.9. Developed by Jed Haile, this patched version of Snort can not only detect malicious activity, but Drop or even Modify it.

To help promote the understanding and development of Snort-Inline, the Honeynet Project has released the Linux Snort-Inline Toolkit. This toolkit has a statically precompiled Snort-Inline binary for Linux, documentation, and a rules converter script. You can find the toolkit at the Honeynet Tools section.

http://www.honeynet.org/papers/honeynet/tools/

As always, input and suggestions appreciated.

Thanks!