Anthony,
Thank you very much, I truly appreciate the link and work!
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 7/31/2012 6:03 PM, anthony kasza wrote:
http://anthonykasza.webs.com/docs/honeyports.pdf
On Mon, Jul 30, 2012 at 10:45 PM, Arch Angel <[email protected]> wrote:
I think the community has spoken, we all want to read it :-)
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 7/19/2012 12:38 PM, anthony kasza wrote:
I've got a brief write up about how I integrated John's and Paul's
honeyport script into an Ubuntu based OSSEC environment. It provides a
way for all OSSEC agents to blacklist an IP that connects to a single
honeyport on a single OSSEC agent.
The write up includes the modified honeyport script as well as custom
OSSEC dissectors, rules, and configuration changes needed to set this
up. If anyone is interested in reading it, let me know.
-AK
On Thu, Jul 12, 2012 at 1:36 PM, Chris Benedict <[email protected]>
wrote:
My project is mostly working, https://github.com/chrisbdaemon/BearTrap.
I had to remove some of the functionality, but as a neat honeyport tool
it
should work alright. It just hasn't really been used much yet.
-Chris Benedict
On Thu, Jul 12, 2012 at 8:50 AM, Doug Burks <[email protected]> wrote:
Hi Anthony,
If you're planning on using OSSEC anyway, could you just have OSSEC
monitor IPTables for any DROPs?
Example from
http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html:
# Configure RHEL IPTables firewall to log any dropped packets to
/var/log/messages to be monitored by OSSEC
iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "
Thanks,
Doug
On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <[email protected]>
wrote:
Hi All,
On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport
project. Does anyone know if the project took off? I'm attempting to
integrate the command line scripts that John and Paul talked about at
last year's DerbyCon (see slide 38) into OSSEC's active-response.
-AK
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Doug Burks
http://securityonion.blogspot.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
