Hi guys,
I wrote an active-response script for OSSEC, which will mirror the
traffic back to the "attacker". It will block any active connection with
the "attacker" and every new connection will be mirrored back to the
attacker (iptables PREROUTING overwrites the destination and POSTROUTING
masquerades).
I wrote about it on my blog (in German only):
http://blog.h4des.org/index.php?/archives/213-Angreifer-sich-selber-angreifen-lassen-mittels-ossec-traffic-zuruecksenden.html
Here is the script:
http://h4des.org/source/blog/mirroring-traffic.sh.txt
Is the OSSEC project interested in this script for the next release?
Regards
--
Andre Pawlowski
-------------------------------------------------------------------
Only the fool needs order; the genius masters chaos.
-Albert Einstein
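
The rule set described in the message above, as an added dry-run sketch that is not the linked script or OSSEC project code: it validates the address OSSEC passes in and prints the iptables commands instead of running them. The `NEVER_MIRROR` list, the function names and the INPUT drop used to cut active connections are assumptions.

```shell
#!/bin/sh
# Added example, not the script linked in the post. Dry run: prints rules only.
# OSSEC active-response arguments: $1 = add|delete, $2 = user, $3 = source IP.

# Assumption: addresses that must never be mirrored (constructed sample values).
NEVER_MIRROR="127.0.0.1 192.0.2.1"

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one source address; "delete" emits the matching -D forms.
mirror_rules() {
    action=$1 ip=$2
    case $action in
        add) op=-A ;;
        delete) op=-D ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    for skip in $NEVER_MIRROR; do
        if [ "$ip" = "$skip" ]; then
            echo "refusing allow-listed address: $ip" >&2; return 1
        fi
    done
    # Assumption: established flows keep their conntrack mapping and still hit
    # INPUT, so they are dropped there. New flows are DNATed and take FORWARD.
    echo "iptables $op INPUT -s $ip -j DROP"
    # PREROUTING overwrites the destination with the sender's own address.
    echo "iptables -t nat $op PREROUTING -s $ip -j DNAT --to-destination $ip"
    # POSTROUTING masquerades the mirrored packets.
    echo "iptables -t nat $op POSTROUTING -d $ip -j MASQUERADE"
}

# Forwarding must be on (net.ipv4.ip_forward=1) and allowed in FORWARD.
if [ $# -ge 3 ]; then mirror_rules "$1" "$3"; fi
```

Because the source address of a triggering packet can be forged, the allow list and the timeout that makes OSSEC call the script again with `delete` decide who ends up receiving the mirrored traffic.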