Hosting Provided By

Re: [Snort-inline-users] Re: attack redirection

From: Lance Spitzner <lance(at)honeynet.org>
Date: Sun May 18 2003 - 20:42:04 EDT

On Sun, 18 May 2003, Ray Stirbei wrote:

>
> Forescout ( http://www.forescout.com/index.html) sells a product that works
> with commercial firewall and IPS vendors. It detects all kinds of scans and
> returns dummy server information. Then any traffic to these dummy servers can
> be filtered. You can replace the dummy server addresses with your
> honeypot(s).
>
> I agree this would be a great feature to snort and I have copied the
> snort-inline list.
> Best regards

> > I'm looking for some program to redirect an attack on my web server

There is already something similar to this, called Bait-n-Switch. While very beta, you may want to check it out.

http://violating.us/projects/baitnswitch/

lance

Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics

Received on Mon May 19 16:36:56 2003

This message: [ Message body ]
Next message: Jim Barrett: "RE: Decrypt File"
Previous message: Peter Weiss: "Password Cracking"
In reply to: Ray Stirbei: "Re: attack redirection"
In reply to Jon Baer: "Re: attack redirection"
Next in thread: Jed Haile: "Re: [Snort-inline-users] Re: attack redirection"
Reply: Jed Haile: "Re: [Snort-inline-users] Re: attack redirection"
Reply: Jim Barrett: "RE: Decrypt File"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:26 EDT

Do you need help?