[Snort-users] Honeypot Project ruleset

Steve Halligan agent33 at ...187...
Thu Nov 29 12:51:02 EST 2001


> Hello,
> 
> Where could I get the ruleset used by Honeypot
> Project?
> 
> Thanks in advance.
>
Honeynets generally log all packets in and out of the network, since all
packets would be suspect.  So a honeynet ruleset would look someting like:

alert ip any any -> any any (msg: Traffic;)

-steve

 




More information about the Snort-users mailing list