I would like to read it -- thanks!
-Bill

On Thu, Jul 19, 2012 at 11:38 AM, anthony kasza <[email protected]> wrote:

> I've got a brief write up about how I integrated John's and Paul's
> honeyport script into an Ubuntu based OSSEC environment. It provides a
> way for all OSSEC agents to blacklist an IP that connects to a single
> honeyport on a single OSSEC agent.
>
> The write up includes the modified honeyport script as well as custom
> OSSEC dissectors, rules, and configuration changes needed to set this
> up. If anyone is interested in reading it, let me know.
>
> -AK
>
> On Thu, Jul 12, 2012 at 1:36 PM, Chris Benedict <[email protected]> wrote:
> > My project is mostly working, https://github.com/chrisbdaemon/BearTrap.
> >
> > I had to remove some of the functionality, but as a neat honeyport tool it
> > should work alright.  It just hasn't really been used much yet.
> >
> > -Chris Benedict
> >
> > On Thu, Jul 12, 2012 at 8:50 AM, Doug Burks <[email protected]> wrote:
> >>
> >> Hi Anthony,
> >>
> >> If you're planning on using OSSEC anyway, could you just have OSSEC
> >> monitor IPTables for any DROPs?
> >>
> >> Example from
> >> http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html:
> >>
> >> # Configure RHEL IPTables firewall to log any dropped packets to
> >> # /var/log/messages to be monitored by OSSEC
> >> iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "
> >>
> >> Thanks,
> >> Doug
> >>
> >> On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <[email protected]> wrote:
> >> > Hi All,
> >> >
> >> > On 10/16/11 12:18 PM, Chris Benedict wrote to this list about a honeyport
> >> > project. Does anyone know if the project took off? I'm attempting to
> >> > integrate the command line scripts that John and Paul talked about at
> >> > last year's DerbyCon (see slide 38) into OSSEC's active-response.
> >> >
> >> > -AK
> >> > _______________________________________________
> >> > Pauldotcom mailing list
> >> > [email protected]
> >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> > Main Web Site: http://pauldotcom.com
> >>
> >>
> >>
> >> --
> >> Doug Burks
> >> http://securityonion.blogspot.com
> >
> >
> >
>

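The iptables rule quoted in the thread tags dropped packets with the `DROP ` log prefix. As an added example (not part of the original thread or of any poster's scripts), this Python sketch extracts the source addresses whose dropped packets targeted a honeyport from such log lines. The port number, the never-block network and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumed values for this sketch (not from the thread): the honeyport number
# and a management network that must never end up on a blocklist.
HONEYPORT = 31337
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/24")]
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a netfilter LOG line

def parse_drop(line, prefix="DROP "):
    """Return the KEY=value fields logged after the prefix, or None."""
    _, found, rest = line.partition(prefix)
    if not found or "SRC=" not in rest:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        # First occurrence wins: the outer IP header is logged before any
        # packet quoted inside an ICMP error.
        fields.setdefault(key, value)
    return fields

def honeyport_sources(lines, port=HONEYPORT):
    """Return unique source addresses whose dropped packets hit the honeyport."""
    hits = []
    for line in lines:
        fields = parse_drop(line)
        if not fields or fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed address: ignore rather than act on it
        if any(src in net for net in NEVER_BLOCK):
            continue  # a dropped SYN can carry a forged source address
        if str(src) not in hits:
            hits.append(str(src))
    return hits

# Constructed sample lines in the kernel's iptables LOG format.
SAMPLE = [
    "Jul 12 08:50:01 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51515 DPT=31337 SYN URGP=0",
    "Jul 12 08:50:03 web1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40022 DPT=22 SYN URGP=0",
    "Jul 12 08:50:05 web1 kernel: DROP IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=33000 DPT=31337 SYN URGP=0",
    "Jul 12 08:50:07 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51516 DPT=31337 SYN URGP=0",
    "Jul 12 08:50:09 web1 sshd[999]: pam_unix(sshd:session): session opened for user admin",
]

if __name__ == "__main__":
    print(honeyport_sources(SAMPLE))
```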