[Snort-users] Fun with IPF and Snort

shawn . moyer shawn at ...1184...
Mon Mar 19 13:33:18 EST 2001


James Hoagland wrote:
 
> If you like that idea, you might want to check out the Deception
> Toolkit, originally developed a few years ago:
> 
>    http://www.all.net/dtk/
> 
> Haven't played with it myself, but I heard Fred Cohen talk about it
> last week at UC Davis.

DTK is still cool, but it hasn't been very actively maintained for
awhile. I do some similar stuff with netcat and fake banners (i.e. nc -l
< banner.txt) to create dummy services and other fun stuff. So far,
though, redirecting stuff to chargen has been the most fun, just to
watch someone hit that port and be completely baffled. 

Marcus Ranum also had a cool idea about building scripts that redirect
attacks back to the attacker's own box, so that they actually root
themselves. :)








--shawn

-- 

s h a w n   m o y e r
shawn at ...1184...


The universe did not invent justice; man did.
Unfortunately, man must reside in the universe.

                                        -- Zelazny




More information about the Snort-users mailing list