My project is mostly working, https://github.com/chrisbdaemon/BearTrap.
I had to remove some of the functionality, but as a neat honeyport tool it should work alright. It just hasn't really been used much yet.

-Chris Benedict

On Thu, Jul 12, 2012 at 8:50 AM, Doug Burks <[email protected]> wrote:
> Hi Anthony,
>
> If you're planning on using OSSEC anyway, could you just have OSSEC
> monitor IPTables for any DROPs?
>
> Example from
> http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html
> :
>
> # Configure RHEL IPTables firewall to log any dropped packets to /var/log/messages to be monitored by OSSEC
> iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "
>
> Thanks,
> Doug
>
> On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <[email protected]>
> wrote:
> > Hi All,
> >
> > On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport
> > project. Does anyone know if the project took off? I'm attempting to
> > integrate the command line scripts that John and Paul talked about at
> > last year's DerbyCon (see slide 38) into OSSEC's active-response.
> >
> > -AK
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> Doug Burks
> http://securityonion.blogspot.com
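The iptables LOG rule quoted in this thread writes kernel lines carrying the `DROP ` prefix to /var/log/messages. As an added example (not part of the thread, and not OSSEC or BearTrap code), the Python below parses such lines and reports which sources were dropped repeatedly and on which ports. The log lines are constructed, and the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/messages content (addresses are documentation ranges).
SAMPLE_LOG = """\
Jul 12 08:41:02 gw kernel: DROP IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=31337 SYN URGP=0
Jul 12 08:41:03 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51515 DPT=23 SYN URGP=0
Jul 12 08:41:05 gw kernel: [8841.102] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51516 DPT=31337 SYN URGP=0
Jul 12 08:42:10 gw sshd[2201]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Jul 12 08:43:00 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jul 12 08:43:09 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=71 TTL=49 PROTO=UDP SPT=40000 DPT=161 LEN=51
"""

# iptables LOG output is a run of KEY=value tokens; some values are empty (OUT=).
KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_drop(line, prefix="DROP "):
    """Return src/proto/dpt for one LOG line carrying the prefix, else None."""
    # Anchor on prefix + "IN=" so an optional kernel timestamp before it is tolerated.
    m = re.search(re.escape(prefix) + r"(?=IN=)", line)
    if m is None:
        return None
    fields = dict(KV.findall(line[m.end():]))
    if "SRC" not in fields:
        return None
    dpt = fields.get("DPT", "")
    # ICMP entries have no DPT field; report the port as None.
    return {"src": fields["SRC"], "proto": fields.get("PROTO"),
            "dpt": int(dpt) if dpt.isdigit() else None}

def noisy_sources(log_text, threshold=3):
    """Map each source with >= threshold dropped packets to the sorted ports it hit."""
    hits, ports = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        event = parse_drop(line)
        if event is None:
            continue
        hits[event["src"]] += 1
        if event["dpt"] is not None:
            ports[event["src"]].add(event["dpt"])
    return {src: sorted(ports[src]) for src, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for src, dports in noisy_sources(SAMPLE_LOG).items():
        print(f"{src} dropped on ports {dports}")
```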
