[Dshield] Not in MY back yard - thank you very much...

jayjwa jayjwa at atr2.ath.cx
Thu Feb 19 08:27:44 GMT 2004



On Wed, 18 Feb 2004, John Draper wrote:

> >> My idea was to put it behind a Crunchbox, which is set up as a network
> >> "sniffer" and at the same time, detect and stop hostile activity that
> >> might erupt after the honeypot detected some type of hostile traffic
> >> like a coordinated DDOS attack.
> >
> >
> > That sounds like a fun idea. I wish I had something to donate :(
>
> I might just put this on my home network. But I first want to set up
> some serious packet sniffing stuff.... Darn, if I do, I can kiss off
> listening to streaming audio.... I only want to catch hostile traffic
> and not have to wade through a shitload of sniffed stream data....


Most good sniffers will allow amazingly complex filters. Today, it seemed
like there was a little bit TOO much traffic going to & fro, so I watched
for several hours, all this with ftp'ing data in, and users on both https
& ftp. For example, if you are drawing from some-home.net:8000 via http,
write a filter to ignore that part only. Today I used tethereal, but
there are several I'd recommend.


-- 
=============================================
%jayjwa%  RLF#37    "Gnu for ALL. SCO Never."
Vx_Labs Research Group @ Atr2
PGP Key-Fetch: B628B851
   Jung xvaqn jnpxb qrpbqrf ebg13 sebz fvtf ?
---------------------------------------------
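
The kind of exclusion filter described in the reply above, as an added example that is not part of the original message: a small shell function that builds a libpcap capture filter ignoring listed host:port flows, so the stream from some-home.net:8000 never reaches the capture. The function name `build_exclude_filter` and the interface `eth0` are assumptions made for illustration.

```shell
#!/bin/sh
# Build a libpcap capture filter that drops known-benign flows (for example
# a streaming-audio source) so only the remaining traffic is captured.
# Each argument is host:port; some-home.net:8000 is the example from the post.
# build_exclude_filter is a hypothetical helper name, not part of any tool.

build_exclude_filter() {
    clauses=""
    for entry in "$@"; do
        host=${entry%:*}
        port=${entry##*:}
        # Accept only plain hostnames / IPv4 addresses, so a malformed entry
        # cannot change the meaning of the filter expression.
        case "$host" in
            ""|*[!A-Za-z0-9.-]*) echo "bad host: $entry" >&2; return 1 ;;
        esac
        # Ports must be 1-5 digits; longer strings are rejected before the
        # numeric comparison below.
        case "$port" in
            ""|*[!0-9]*|??????*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $entry" >&2; return 1
        fi
        clause="(host $host and tcp port $port)"
        if [ -z "$clauses" ]; then
            clauses=$clause
        else
            clauses="$clauses or $clause"
        fi
    done
    # No exclusions means an empty filter, i.e. capture everything.
    [ -z "$clauses" ] || printf 'not (%s)\n' "$clauses"
}

# Usage (needs capture privileges; eth0 is an assumed interface name):
#   tethereal -i eth0 -f "$(build_exclude_filter some-home.net:8000)"
```

Because this is a capture filter (`-f`), the excluded stream is dropped before it is decoded or written, which keeps both the display and any saved capture file small.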



