Wow. That's more straightforward than using the logger command within the honeyport script. Thanks for the tip, Doug!
On Thu, Jul 12, 2012 at 8:50 AM, Doug Burks <[email protected]> wrote:
> Hi Anthony,
>
> If you're planning on using OSSEC anyway, could you just have OSSEC
> monitor IPTables for any DROPs?
>
> Example from
> http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html:
>
> # Configure RHEL IPTables firewall to log any dropped packets to /var/log/messages to be monitored by OSSEC
> iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "
>
> Thanks,
> Doug
>
> On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <[email protected]> wrote:
>> Hi All,
>>
>> On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport
>> project. Does anyone know if the project took off? I'm attempting to
>> integrate the command line scripts that John and Paul talked about at
>> last year's DerbyCon (see slide 38) into OSSEC's active-response.
>>
>> -AK
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
> --
> Doug Burks
> http://securityonion.blogspot.com
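
Added example, not part of the thread and not OSSEC's own decoder or rule syntax: Python that picks honeyport hits out of /var/log/messages lines carrying the `DROP ` prefix set by the iptables rule quoted above. The honeyport number 31337, the TCP-only filter, the host name and every log line are assumptions constructed for illustration.

```python
import re
from collections import Counter

HONEYPORTS = {31337}  # assumption: hypothetical honeyport, not from the thread

# Constructed /var/log/messages sample (documentation-range addresses).
SAMPLE_LOG = """\
Jul 12 08:54:40 sensor sshd[2101]: Accepted publickey for admin from 192.0.2.50 port 40022 ssh2
Jul 12 08:55:01 sensor kernel: DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51515 DPT=31337 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 12 08:55:02 sensor kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51516 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 12 08:55:04 sensor kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4244 DF PROTO=TCP SPT=51515 DPT=31337 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 12 08:55:09 sensor kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jul 12 08:56:10 sensor sshd[2211]: Invalid user kernel: DROP SRC=198.51.100.99 PROTO=TCP DPT=31337 from 192.0.2.77
Jul 12 08:57:30 sensor kernel: [86412.120045] DROP IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.5 LEN=60 TTL=50 ID=911 DF PROTO=TCP SPT=40100 DPT=31337 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Anchor on the syslog header so only lines written by the kernel count; a
# userland message that merely quotes "kernel: DROP ..." must not match.
DROP_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: (?:\[\s*[\d.]+\]\s*)?DROP (?P<fields>.*)$")

def parse_drop(line):
    """Return the KEY=VALUE fields of an iptables 'DROP ' log line, else None."""
    m = DROP_RE.match(line)
    if not m:
        return None
    # Flags such as SYN or DF carry no "=" and are skipped.
    return dict(t.split("=", 1) for t in m.group("fields").split() if "=" in t)

def honeyport_hits(lines, ports=HONEYPORTS):
    """Count logged TCP packets per source address aimed at a honeyport."""
    hits = Counter()
    for line in lines:
        f = parse_drop(line)
        # ICMP entries have no DPT; assumption: the honeyport is TCP only.
        if f and "SRC" in f and f.get("PROTO") == "TCP" and f.get("DPT", "").isdigit():
            if int(f["DPT"]) in ports:
                hits[f["SRC"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in sorted(honeyport_hits(SAMPLE_LOG.splitlines()).items()):
        print(f"{src} touched a honeyport {n} time(s)")
```

The LOG rule records every packet that reaches its position in the chain, so the destination-port filter is what separates honeyport contact from ordinary blocked traffic.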
