[Dshield] Not in MY back yard - thank you very much...
jayjwa at atr2.ath.cx
Thu Feb 19 08:27:44 GMT 2004
On Wed, 18 Feb 2004, John Draper wrote:
> >> My idea was to put it behind a Crunchbox, which is setup as a network "sniffer"
> >> and at the same time, detect and stop hostile activity that might erupt after the
> >> honeypot detected some type of hostile traffic like a coordinated DDOS attack.
> > That sounds like a fun idea. I wish I had something to donate :(
> I might just put this on my home network. But I first want to setup
> serious packet sniffing stuff.... Darn, if I do, I can kiss off listening to
> streaming audio.... I only want to catch hostile traffic and not have to wade
> through a shitload of sniffed stream data....
Most good sniffers will allow amazingly complex filters. Today, it seemed
like there was a little bit TOO much traffic going to & fro, so I watched
for several hours, all this with ftp'ing data in, and users on both https
& ftp. For example, if you are drawing from some-home.net:8000 via http,
write a filter to ignore that part only. Today I used tethereal, but
there are several I'd recommend.
%jayjwa% RLF#37 "Gnu for ALL. SCO Never."
Vx_Labs Research Group @ Atr2
PGP Key-Fetch: B628B851
Jung xvaqn jnpxb qrpbqrf ebg13 sebz fvtf ?
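
The filter idea from the message above, as an added example that is not part of the original post: a shell helper that turns a list of known-benign sources (such as the stream at some-home.net:8000) into a BPF capture filter excluding only those flows. The function name, the second sample address and the interface name in the comment are assumptions; tshark is the current name of tethereal.

```shell
#!/bin/sh
# Build a BPF capture filter that drops known-benign flows (for example a
# streaming audio source) so only the remaining traffic is captured.
# Each argument is "host:port" or "host" (hostnames and IPv4 only).
# build_exclude_filter is a hypothetical helper; sample values are constructed.

build_exclude_filter() {
    filter=""
    for spec in "$@"; do
        case "$spec" in
            *:*) host=${spec%:*}; port=${spec##*:} ;;
            *)   host=$spec; port="" ;;
        esac
        # Refuse anything that could smuggle extra filter syntax into the host.
        case "$host" in
            ""|*[!A-Za-z0-9.-]*) echo "bad host: $spec" >&2; return 1 ;;
        esac
        if [ -n "$port" ]; then
            case "$port" in
                *[!0-9]*) echo "bad port: $spec" >&2; return 1 ;;
            esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
                echo "bad port: $spec" >&2; return 1; }
            # Exclude only this host/port pair, not everything from the host.
            clause="not (host $host and tcp port $port)"
        else
            clause="not host $host"
        fi
        filter="${filter:+$filter and }$clause"
    done
    printf '%s\n' "$filter"
}

# Demo: print the filter for the stream mentioned in the message.
build_exclude_filter some-home.net:8000

# Usage with a capture tool (interface name eth0 is an assumption):
#   tshark -i eth0 -f "$(build_exclude_filter some-home.net:8000)"
# Hostnames are resolved when the filter is compiled, so DNS must work
# at capture start; use an IP address to avoid that dependency.
```

Because this is a capture filter, the excluded packets never reach the capture file, so they cannot be recovered later if the "benign" source turns out to matter.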