PaulDotCom mailing list archives
snort and honeyd
From: david.grubers at gmail.com (David Grubers)
Date: Sun, 9 Nov 2008 13:24:22 -0500
Paul,

By bridged mode, do you mean snort_inline, or some other functionality that I am overlooking? I set HOME_NET to the entire /24 (which I do have control of) but I seem to only get warnings for the host's IP. Do I need to use snort_inline so I can get data from the iptables queue, or does plain-old snort have the functionality to do what I want and I just haven't configured it right?

Joe, thanks for your ideas. HOME_NET is correct, and I am in the process of checking out the honeynet project, which is what I assume you were referring to (honeywall is for true honeynets, whereas honeyd just emulates hosts).

David

2008/11/6 Paul Asadoorian <paul at pauldotcom.com>:
> Hi David,
>
> Just a thought, if you run Snort on the host machine, and it's in bridged mode, won't you see all the traffic from the VMs?
>
> Cheers,
> Paul
>
> David Grubers wrote:
>> I've got a honeyd server with about 5 virtual machines, with snort running on the host. Can anyone give some wisdom on configuring snort to generate alerts for all the IPs (they are sequential) instead of just the host box?
>>
>> Thanks,
>> David
>
> --
> Paul Asadoorian
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
> Phone: 401.829.9552

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- snort and honeyd David Grubers (Nov 05)
- snort and honeyd Joel Esler (Nov 06)
- snort and honeyd Paul Asadoorian (Nov 06)
- snort and honeyd David Grubers (Nov 09)
- snort and honeyd Paul Asadoorian (Nov 11)
- snort and honeyd David Grubers (Nov 09)