Honeypots mailing list archives
snort inline doesn't seem to drop malicious traffic
From: "Alexander Meyer (spot-media AG)" <meyer () spot-media de>
Date: Mon, 28 Jul 2003 18:34:05 +0200
hi list,

i set up a gen2 honeynet following the instructions on the honeynet website. so far everything seems to work fine except that i was able to successfully attack my outside-of-the-honeynet testbox (with that latest samba buffer overflow exploit called sambal.c) from inside the honeynet. the inline snort detects and logs the attack but it isn't blocked.

first i was suspecting that iptables wasn't queueing at all but killing the snort_inline process proved that wrong. also fiddling with the snort_inline startup script (i.e. changing the interface to listen on) didn't help.

could anyone point me to what i might have missed?

thanks in advance,
alexander.

--
spot-media AG
Alexander Meyer
Systemadministrator
Lange Reihe 2
20099 Hamburg
Fon: 040-248 28 711
Fax: 040-248 28 880
www.spot-media.de
mailto:meyer () spot-media de
Key ID: FA4FC80C