[Honeywall] Roo HoneyWall with Dionaea Honeypot

jankins andyjian430074 at gmail.com
Thu Jan 17 12:19:04 CST 2013


1. Sure. Connection limitation in Honeywall can limit how many outbound connections from Dionaea can be made per second, minute, hour, etc. White/black lists can also be used. Also, snort-inline can detect common attacks. You should, of course, update the snort-inline signature database on a daily basis.

2. It's better to use some containment policies. 

Jankins


----- Receiving the following content ----- 
From: Najmeh Rezatash 
Receiver: honeywall 
Time: 2012-12-17, 06:19:16
Subject: [Honeywall] Roo HoneyWall with Dionaea Honeypot


Hi All,
I've deployed two Dionaea honeypots and I want to use Roo HoneyWall just for safeguarding my honeypots. Dionaea is a low-interaction honeypot and has its own data capture techniques; it stores malware samples and attack information on disk. So I do not require Sebek to capture data. I just want to use Roo HoneyWall for data control purposes. I mean just for traffic shaping, connection limits and using snort-inline. My questions are:

1- Is it possible to use Roo just for data control of the Dionaea honeypot?
2- I want to use the honeypots as sensors in my LAN, Lan1, so they have IPs in the Lan1 range like 192.168.1.x, and the management host is also in Lan1. Is it reasonable to have such a configuration from a security point of view?
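
The per-interval outbound connection limit and black list mentioned in the reply above can be sketched with plain iptables; this is an added example, not part of the original messages and not Honeywall's own firewall script. The honeypot address, chain naming, rates and blacklisted range are constructed, and it assumes a Linux gateway whose FORWARD chain sees the honeypot's traffic.

```shell
#!/bin/sh
# Added example: emit iptables rules that cap NEW outbound connections from a
# honeypot. Rules are printed, not applied, so they can be reviewed first.
# Assumed/constructed values: honeypot IP, chain name, rates, blacklist entry.

# valid_scale UNIT: succeeds if UNIT is a unit the iptables limit match accepts
valid_scale() {
    case "$1" in
        second|minute|hour|day) return 0 ;;
        *) return 1 ;;
    esac
}

# gen_limit_rules HONEYPOT_IP SCALE TCP_RATE UDP_RATE ICMP_RATE [BLACKLISTED_DST...]
gen_limit_rules() {
    hp="$1"; scale="$2"; tcp="$3"; udp="$4"; icmp="$5"
    shift 5
    valid_scale "$scale" || { echo "bad scale: $scale" >&2; return 1; }
    for r in "$tcp" "$udp" "$icmp"; do
        case "$r" in
            ''|*[!0-9]*) echo "bad rate: $r" >&2; return 1 ;;
        esac
    done
    # One chain per honeypot: the limit match counts per rule, not per source.
    chain="HP_$(printf '%s' "$hp" | tr . _)"
    echo "iptables -N $chain"
    echo "iptables -A FORWARD -s $hp -m conntrack --ctstate NEW -j $chain"
    # Blacklisted destinations are dropped before any rate accounting.
    for dst in "$@"; do
        echo "iptables -A $chain -d $dst -j DROP"
    done
    # Per protocol: accept up to RATE new connections per SCALE, then log and drop.
    for spec in "tcp:$tcp" "udp:$udp" "icmp:$icmp"; do
        proto="${spec%%:*}"; rate="${spec##*:}"
        echo "iptables -A $chain -p $proto -m limit --limit $rate/$scale --limit-burst $rate -j ACCEPT"
        echo "iptables -A $chain -p $proto -j LOG --log-prefix \"HP-OUT-DROP-$proto: \""
        echo "iptables -A $chain -p $proto -j DROP"
    done
    # Anything that is not TCP, UDP or ICMP is not forwarded for the honeypot.
    echo "iptables -A $chain -j DROP"
}

# Constructed sample: 20 TCP, 20 UDP, 50 ICMP per hour; one blacklisted range.
gen_limit_rules 192.168.1.50 hour 20 20 50 203.0.113.0/24
```

Established connections are not matched by these rules, so inbound attacks against the honeypot still complete while new outbound sessions are capped.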