Honeypots mailing list archives
Re: honeypot+ids?
From: Patrick Dolan <dolan () cc admin unt edu>
Date: Mon, 11 Aug 2003 14:00:13 -0500
I find it easiest to set up the router/switch as a computer rather than just a piece of hardware. OpenBSD, for instance, has good capabilities for packet filtering. With this method, you can run the IDS on the router and have it listen to the internal interface. I've used OpenBSD in combination with Snort for this scenario and it works well. On Monday 11 August 2003 01:30 pm, Kostas K wrote:
Hi list, In the case of a low-interaction honeypot i would say that it is acceptable the to use both ids+honeypot on the same machine. But what about in a high-interaction honeypot? I have a router/switch (netgear) how can i possibly redirect data from the honeypot to the ids? Any ideas? Thanks
-- Patrick Dolan UNT Information Security PGP ID: E5571154 Primary key fingerprint: 5681 25E4 6BE6 298E 9CF0 6F8D B13B 2456 E557 1154
Current thread:
- honeypot+ids? Kostas K (Aug 11)
- Re: honeypot+ids? Patrick Dolan (Aug 11)
- Re: honeypot+ids? Jose Nazario (Aug 11)
- <Possible follow-ups>
- Re: honeypot+ids? Kostas K (Aug 13)
- Re: honeypot+ids? Patrick Dolan (Aug 11)