[Honeywall] honeywall 1.4 system update, hflow, snort problems

Brett Ussher breusshe at hotmail.com
Tue Oct 11 15:46:53 CDT 2011


Yeah, this is an old problem, Kristen.  In order to get Snort working 
the way they did, the original designers had to custom-roll Snort.  
Also, the other modules they constructed have a dependency on the 
custom-rolled version of Snort.  Several have tried to fix this problem in the 
past, but a "duct tape" fix has yet to be successful.  The real solution 
would require a ground-up rebuild of Honeywall that is platform 
independent and does not require custom-built installers.  But, that 
solution keeps coming up and promptly dying.

If you want to use Honeywall in research as a proof of concept or modify 
it to watch for something particular, you are good to go.  Otherwise, as 
a production-ready solution, until the code base is revamped ground up, 
you're beating your head into a brick wall.

Brett D. Ussher

"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind."
- Dr. Seuss


On 10/11/2011 10:00 AM, honeywall-request at public.honeynet.org wrote:
> Message: 1
> Date: Mon, 10 Oct 2011 15:55:40 -0700 (PDT)
> From: Kristen Eisenberg<kristen.eisenberg at yahoo.com>
> Subject: [Honeywall]  honeywall 1.4 system update, hflow, snort,
> 	problems
> To: "honeywall at public.honeynet.org"<honeywall at public.honeynet.org>
> Message-ID:
> 	<1318287340.88099.YahooMailNeo at web122315.mail.ne1.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
> I am doing a project about Virtual Honeynets. One of the main aims of it
> is to design and implement a laptop-based detection system based on
> a virtual honeynet (Honeywall roo CDROM). Its main role is to analyze LAN
> traffic and alert.
>
> One of the problems I have come across is out-of-date snort rules.
> roo-1.4 is based on snort 2.6 but rules are not available for this
> version. 2.8.6.1 is the lowest version available (Jan 2011).
>
> What I have done so far:
> - Hwall was successfully updated using CentOS 5.5 repos,
> - compiled and installed snort 2.8.6
> - installed new set of rules 2.8.6.1 using oinkmaster
>
>
> Kristen Eisenberg
> Billige Flüge
> Marketing GmbH
> Emanuelstr. 3,
> 10317 Berlin
> Germany
> Phone: +49 (33) 5310967
> Email: utebachmeier at gmail.com
> Site: http://flug.airego.de - Compare cheap flights