[Honeywall] Roo HoneyWall with Dionaea Honeypot

Najmeh Rezatash nrezatash at gmail.com
Thu Jan 17 14:11:21 CST 2013


Thanks god, after 1 month somebody eventually answered my questions
here. thanks Jankins.
it seems that Roo honeywall is pretty outdated. it isn't updated for
last 4 years, and modules of snort-inline can't be updated by snort
rules maybe unless you change the configuration.
so, I'm regreting using it. :(




On 1/17/13, jankins <andyjian430074 at gmail.com> wrote:
>
> 1. Sure. Connection limitation in Honeywall can limit how many outbound
> connections from Dionaea can be made like per second, minute, hour, etc.
> While/black list can also be used. Also, snort-inline can detect common
> attacks. You should, of course, update snort-inline signature database on
> daily basis.
>
> 2. It's better to use some containment policies.
>
> Jankins
>
>
> ----- Receiving the following content -----
> From: Najmeh Rezatash
> Receiver: honeywall
> Time: 2012-12-17, 06:19:16
> Subject: [Honeywall] Roo HoneyWall with Dionaea Honeypot
>
>
> Hi All,
> I've deployed two Dionaea Honeypots and I want to use Roo HoneyWall just for
> Secureguarding my honeypots. Dionaea honeypot is a low interaction Honeypot
> and has its own data capture techniques, it stores malware samples and
> attack information on disk. So I do not require sebek to capture data. I
> just want to use Roo HoneyWall for data control purpose. I mean Just for
> Traffic shaping, connection limit and using snort-inline. my Questions are:
>
> 1- is it possible to use Roo just for data control of Dionaea honeypot?
> 2- I want to use honeypots as sensors in my lan, Lan1, so they have IPs in
> Lan1 range like 192.168.1.x and management host is also in Lan1. is this
> reasonable to have such configuration from security point of view?
>


More information about the Honeywall mailing list