Honeypots mailing list archives

RE: Linux Snort-Inline Toolkit


From: "Dell, Jeffrey" <JDell () seisint com>
Date: Thu, 9 Jan 2003 09:27:56 -0500

If you are looking for information about Snort-Inline check out "GenII Data
Control for Honeynets" at
http://www.sfhn.org/whites/gen2.html


Jeff Dell
South Florida Honeynet Project

-----Original Message-----
From: Pig Monkey [mailto:pig.monkey () gte net] 
Sent: Wednesday, January 08, 2003 5:52 PM
To: honeypots () securityfocus com
Subject: Re: Linux Snort-Inline Toolkit


There's a tidbit more information that I found useful here (under
GenII):
http://project.honeynet.org/papers/honeynet/

Modifying the activity is a really interesting approach to me (I'm just
starting to get interested in Honeypot/nets). Of course, anything is better
than just dropping outbound connections after so many times.

On Wed, 2003-01-08 at 09:01, Lance Spitzner wrote:
The Honeynet Project has been working with IDS Gateway technology
for use as a Data Control mechanism.  As many of you know, an IDS 
gateway combines the detection capability of a traditional NIDS, 
but adds the filtering capability of a firewall.

One such example is Snort-Inline, a modified version of Snort 1.9. 
Developed by Jed Haile, this patched version of Snort can not only 
detect malicious activity, but Drop or even Modify it.

To help promote the understanding and development of Snort-Inline, the 
Honeynet Project has released the Linux Snort-Inline Toolkit. This 
toolkit has a statically precompiled Snort-Inline binary for Linux, 
documentation, and a rules converter script.  You can find the toolkit 
at the Honeynet Tools section.

    http://www.honeynet.org/papers/honeynet/tools/

As always, input and suggestions appreciated.

Thanks!
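The toolkit's rules converter is not reproduced here; the following is an added example, not code from the Honeynet Project or the toolkit, showing the kind of conversion such a script performs: rewriting Snort "alert" rules to Snort-Inline "drop" rules while leaving comments, variables, includes, other actions and rules you choose to keep as alert-only untouched. The sample rules and sid values are constructed placeholders.

```python
import re

# Constructed sample rules file; sids and addresses are placeholders, not real signatures.
SAMPLE_RULES = """\
# Constructed sample rules for the converter
var HOME_NET 10.0.0.0/24
include classification.config
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB test"; content:"/cgi-bin/"; sid:1000001; rev:1;)
alert ip any any -> any any (msg:"multi-line rule"; \\
    content:"abc"; sid:1000002; rev:1;)
log tcp any any -> any 22 (msg:"ssh logging only"; sid:1000003; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"already a drop rule"; sid:1000004; rev:1;)
"""

ACTION_RE = re.compile(r"^(\s*)alert\b")          # action keyword at the start of a rule
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")          # sid option inside the rule body


def convert_rules(text, keep_alert_sids=()):
    """Return (converted_text, count) with 'alert' rules rewritten to 'drop'.

    Rules whose sid is listed in keep_alert_sids stay alert-only, which is how a
    honeynet operator keeps noisy or low-confidence signatures from blocking
    traffic while still logging it. Backslash-continued rules are handled as
    one logical rule so the sid is found even when it is on a later line.
    """
    keep = {int(s) for s in keep_alert_sids}
    lines = text.splitlines()
    out, converted, i = [], 0, 0
    while i < len(lines):
        j = i
        while lines[j].rstrip().endswith("\\") and j + 1 < len(lines):
            j += 1                                  # extend to the end of the logical rule
        block = lines[i:j + 1]
        logical = " ".join(l.rstrip().rstrip("\\") for l in block)
        if ACTION_RE.match(block[0]):
            sid_match = SID_RE.search(logical)
            sid = int(sid_match.group(1)) if sid_match else None
            if sid not in keep:
                block[0] = ACTION_RE.sub(r"\1drop", block[0], count=1)
                converted += 1
        out.extend(block)                           # everything else passes through unchanged
        i = j + 1
    return "\n".join(out) + "\n", converted


if __name__ == "__main__":
    converted_text, n = convert_rules(SAMPLE_RULES, keep_alert_sids=[1000002])
    print(f"converted {n} rule(s)\n{converted_text}")
```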

