PaulDotCom mailing list archives
Re: HoneyPorts (again)
From: Doug Burks <doug.burks () gmail com>
Date: Thu, 12 Jul 2012 09:50:24 -0400
Hi Anthony, If you're planning on using OSSEC anyway, could you just have OSSEC monitor IPTables for any DROPs? Example from http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html: # Configure RHEL IPTables firewall to log any dropped packets to /var/log/messages to be monitored by OSSEC iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP " Thanks, Doug On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <anthony.kasza () gmail com> wrote:
Hi All, On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport project. Does anyone know if the project took off? I'm attempting to integrate the command line scripts that John and Paul talked about at last year's DerbyCon (see slide 38) into OSSEC's active-response. -AK _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Doug Burks http://securityonion.blogspot.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- HoneyPorts (again) anthony kasza (Jul 11)
- Re: HoneyPorts (again) John Strand (Jul 12)
- Re: HoneyPorts (again) Doug Burks (Jul 12)
- Re: HoneyPorts (again) anthony kasza (Jul 12)
- Re: HoneyPorts (again) Chris Benedict (Jul 12)
- Re: HoneyPorts (again) anthony kasza (Jul 19)
- Re: HoneyPorts (again) Bill Swearingen (Jul 19)
- Re: HoneyPorts (again) Xavier Mertens (Jul 19)
- Re: HoneyPorts (again) lonestarr13 (Jul 20)
- Re: HoneyPorts (again) John Strand (Jul 20)
- Re: HoneyPorts (again) Arch Angel (Jul 31)
- Re: HoneyPorts (again) anthony kasza (Jul 31)
- Re: HoneyPorts (again) Arch Angel (Jul 31)