I need someone who is good at writing snort rule to redirect malware download which is destined for the victim pc to a honeypot. So snort inline is used as a gateway between the internet and internal network. The victim (windows 7) tries to download from the web server (backtrack)(maybe malicious). Snort in the middle will redirect the download to the honeypot. It also needs to notify the victim that the file is being analysis. The notification happens once the file is being redirected.
So what is really needed?
1. Snort rule for the detection and redirection
2. The notification function in a form of web.
All programming needs to be done in python 2.7.
I have attached a pcap file as a reference. This file contains locky ransomware. Please open it with wireshark and do not try to extract the payload. I will not be responsible for any infection.