[Honeywall] honeywall 1.4 system update, hflow, snort problems

Sanjeev ror.sanjeev at gmail.com
Tue Oct 11 23:11:29 CDT 2011


If there is a problem with data control (rc.firewall, snort), then it may
affect the other non-honeynet systems, which we have also experimentally
tested. We executed malware on a Honeypot behind the proxy
gateway (Honeywall), and it generated millions of ICMP packets to the
outside world, from which we conclude that the Honeynet may damage other non-honeynet
systems.

I would like to ask:

1. What are the ways so that it should affect the non-honeynet systems,
basically a risk-free Honeynet system?

2. If I am able to redevelop the Honeywall, then what data control
mechanisms should I use?

3. How to avoid DDoS (ICMP flooding, SYN flooding) attacks on non-honeynet
systems?

If they cannot be removed, then there is no concept to deploy the honeynet
in the network.

Thanks & Regards,
-Sanjeev
Honeynet-team
Cyber Security group,India

2011/10/12 Brett Ussher <breusshe at hotmail.com>

> Yeah, this is an old problem, Kristen.  In order to get Snort working the
> way they did, the original designers had to custom roll Snort.  Also, the
> other modules they constructed have a dependency on the custom rolled
> version of Snort.  Several have tried to fix this problem in the past, but a
> "duct tape" fix has yet to be successful.  The real solution would require a
> ground up rebuild of Honeywall that is platform independent and does not
> require custom built installers.  But, that solution keeps coming up and
> promptly dying.
>
> If you want to use Honeywall in research as a proof of concept or modify it
> to watch for something particular, you are good to go.  Otherwise, as a
> production-ready solution, until the code base is revamped ground up, you're
> beating your head into a brick wall.
>
> Brett D. Ussher
>
> "Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind."
> - Dr. Seuss
>
>
> On 10/11/2011 10:00 AM, honeywall-request at public.honeynet.org wrote:
>
> Message: 1
> Date: Mon, 10 Oct 2011 15:55:40 -0700 (PDT)
> From: Kristen Eisenberg <kristen.eisenberg at yahoo.com>
> Subject: [Honeywall]  honeywall 1.4 system update, hflow, snort, problems
> To: "honeywall at public.honeynet.org" <honeywall at public.honeynet.org>
> Message-ID: <1318287340.88099.YahooMailNeo at web122315.mail.ne1.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
> I am doing a project about Virtual Honeynets. One of the main aims of it
> is to design and implement a laptop-based detection system based on
> a virtual honeynet (Honeywall roo CDROM). Its main role is to analyze LAN
> traffic and alert.
>
> One of the problems I have come across is out-of-date snort rules.
> roo-1.4 is based on snort 2.6, but rules are not available for this
> version. 2.8.6.1 is the lowest version available (Jan 2011).
>
> What I have done so far:
> - Hwall was successfully updated using CentOS 5.5 repos,
> - compiled and installed snort 2.8.6
> - installed new set of rules 2.8.6.1 using oinkmaster
>
>
> Kristen Eisenberg
> Billige Flüge Marketing GmbH
> Emanuelstr. 3,
> 10317 Berlin
> Germany
> Phone: +49 (33) 5310967
> Email: utebachmeier at gmail.com
> Site: http://flug.airego.de - Compare cheap flights


-- 
Efforts may fail, but don't fail to make efforts.
---------
Sanjeev Kumar
Staff Scientist / Scientist 'B'
CDAC (Erstwhile CEDTI)
Mohali, Chandigarh - 160 071