http://www.inliniac.net/blog/2006/07/11/snort_inline-idea-for-an-improved-bait-and-switch.html Everything inline. Tue, 06 Jan 2009 10:32:57 +0000 http://wordpress.org/?v=2.7 hourly 1 http://www.inliniac.net/blog/2006/07/11/snort_inline-idea-for-an-improved-bait-and-switch.html/comment-page-1#comment-1540 jack whitsitt Fri, 16 Feb 2007 18:56:10 +0000 http://psh.poort.lan/blog/?p=5#comment-1540 In the original Bait and Switch (which Will reworked...nice job!), we just had iptables mark packets and let custom routing tables based on the markings do the rest of the work (which meant other iptables rules could be left alone). It also meant your honeypot and prod server could have ducplicate IP's if you so desired. Doing it in snort-inline is probably possible, but do you want your IDS doing all of that extra work? In the original Bait and Switch (which Will reworked…nice job!), we just had iptables mark packets and let custom routing tables based on the markings do the rest of the work (which meant other iptables rules could be left alone). It also meant your honeypot and prod server could have ducplicate IP’s if you so desired. Doing it in snort-inline is probably possible, but do you want your IDS doing all of that extra work?

]]> http://www.inliniac.net/blog/2006/07/11/snort_inline-idea-for-an-improved-bait-and-switch.html/comment-page-1#comment-7 anonymous Sun, 06 Aug 2006 22:13:07 +0000 http://psh.poort.lan/blog/?p=5#comment-7 Will Metcalf is an excellent coder and any questioning of Will's methods, idea's, or code shall be seen as an act of treason and the violators shall be sentenced to a life time of QA work. Will Metcalf is an excellent coder and any questioning of Will’s methods, idea’s, or code shall be seen as an act of treason and the violators shall be sentenced to a life time of QA work.

]]>