GitHub - cssaheel/snort-redirector: this tool for redirecting a portion of the detected suspicious traffic to a honeypot machine depending on the priority number at snort alerts.

cssaheel / snort-redirector Public

Notifications You must be signed in to change notification settings
Fork 2
Star 3

this tool for redirecting a portion of the detected suspicious traffic to a honeypot machine depending on the priority number at snort alerts.

GPL-2.0 license

3 stars 2 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
nbproject		nbproject
src		src
GPL-LICENSE.txt		GPL-LICENSE.txt
README		README
Screen1.PNG		Screen1.PNG
Screen2.PNG		Screen2.PNG
build.xml		build.xml
manifest.mf		manifest.mf

Repository files navigation

Snort has limited actions same as ( alert, log, drop, etc..) but it doesn't has REDIRECT action,
this tool can redirect the suspicious connections if they were matched with snort rules
which have 'alert' as an action. this will be done by making the user specify a priority
number, so if snort alerted the specified priority number or any higher severity priority
number ( smaller priority number has higher severity ) then the whole traffic of the suspicious
ip will be redirected to a honeypot machine and for this the tool need iptables to be configured.
Remember this tool will consider only snort rules with 'alert' as an action. this tool also
offer a monitoring console for the redirected connections this has been done by implementing tcpdump sniffer.
All this come with friendly graphical user interface.