On Tue, 20 Nov 2007 21:59:40 -0500 Talha <[EMAIL PROTECTED]> wrote:
>Hi,
>
>I'm a newbie with honeynets and using it as a study project. I need to
>know any resources, techniques or ideas how to limit the attacker from
>using a compromised honeynet to use as an attack machine to launch
>further attacks (in or outside the network).

There will never be a 100% guaranteed solution to this however the Honeywall (http://www.honeynet.org/tools/cdrom/) has the following in place to do what you desire:

Outbound rate limiting
    Throttles outbound traffic in an effort to prevent high throughput DOS

Snort-inline
    Attempts to block known attacks assuming you have a valid signature in place

Fence list
    As a last resort, we've implemented something called a fence list - A list of IP addresses, CIDR blocks, whatever IPTables understands. Traffic originating from listed Honeypots destined for any IP range in the fence list will be blocked at the Honeywall

>Secondly creating a separate network segment to host the honeynet is
>not attractive enough, and using it within the corporate environment is
>too risky. Where and how do we draw the line for separation of
>honeynets with the actual network.

That's a decision you (local policy) need to make on your own. If you are real paranoid run in "Roach Motel Mode" to start with. In this mode, traffic is allowed IN to the Honeypot network and reply traffic is allowed back out but no traffic is allowed to originate from a Honeypot. This mode is only so useful though.

There is a certain degree of risk associated with connecting any device to any network :) Whether or not the potential benefit outweighs the risk involved can be a very difficult question to answer even for someone that knows most of the variables involved.

Earl

>Thanks and Regards,
>Talha Tariq
>Postgraduate student in Information Security.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
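The fence list, outbound rate limiting and Roach Motel Mode described in the reply above, sketched as plain iptables rules. This is an added illustration, not part of the original message and not the Honeywall's own firewall script; the addresses, the 20/hour limit, the log prefix and the function name `gen_rules` are assumptions.

```shell
#!/bin/sh
# Illustrative containment rule generator (hypothetical, not the Honeywall's script).
# All addresses are constructed samples from the RFC 5737 documentation ranges.
HONEYPOTS="192.0.2.10 192.0.2.11"          # honeypot IPs behind the gateway
FENCE_LIST="198.51.100.0/24 203.0.113.7"   # destinations honeypots must never reach
TCP_RATE="20/hour"                         # assumed cap on new outbound TCP connections

# gen_rules MODE: print the iptables commands for review instead of applying them.
# MODE "yes" selects Roach Motel behaviour; anything else selects rate limiting.
gen_rules() {
    mode=$1
    for hp in $HONEYPOTS; do
        # Fence list first: a hard block that no later ACCEPT can override.
        for dst in $FENCE_LIST; do
            echo "iptables -A FORWARD -s $hp -d $dst -j DROP"
        done
        # Inbound traffic to the honeypot and its replies are always allowed.
        echo "iptables -A FORWARD -d $hp -j ACCEPT"
        echo "iptables -A FORWARD -s $hp -m state --state ESTABLISHED,RELATED -j ACCEPT"
        if [ "$mode" != "yes" ]; then
            # Rate limiting: a bounded number of new TCP connections may leave.
            # This sketch limits TCP only; other new outbound traffic is dropped.
            echo "iptables -A FORWARD -s $hp -p tcp -m state --state NEW -m limit --limit $TCP_RATE --limit-burst 20 -j ACCEPT"
            # Log whatever exceeded the limit so the attempt is still recorded.
            echo "iptables -A FORWARD -s $hp -m state --state NEW -j LOG --log-prefix hp-out-limit"
        fi
        # Roach Motel mode reaches this rule directly: nothing may originate.
        echo "iptables -A FORWARD -s $hp -m state --state NEW -j DROP"
    done
}

# Print the rate-limited rule set by default; pass "yes" for Roach Motel mode.
gen_rules "${1:-no}"
```

Because the fence rules are emitted before any ACCEPT, a fenced destination stays blocked in both modes, including for reply traffic.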
