Re: LaBrea for BSD?

From: Laurent Fabre (fabre@matranet.com)
Date: 09/25/01


Date: Tue, 25 Sep 2001 16:59:20 +0200
From: Laurent Fabre <fabre@matranet.com>
To: "Karl M. Joch" <k.joch@kmjeuro.com>

Karl M. Joch wrote:
> there is one strange thing. it runs here now partially. but the
> following points are strange:
>
> a) the non used ip doesn't ping back as mentioned in the doc (either
> without -a or with -a)
>
> b) it works mostly in the night here when traffic is low. as soon as
> traffic in the net increases it stops working. means, it still runs, but
> doesn't log any activity/teergrubing into the log (running -lv). it still
> logs bandwidth used with 0. and there would be activities (seen in logs
> of other servers) which would fall under labrea's responsibility.
>
> compiling and linking (also static) works fine. no errors here and while
> running. i have it on an own box (P66/64MB/1.5GB SCSI) with labrea only
> on 4.4-stable.
>
> the code is far too deep in the ethernet stuff for my c knowledge. i
> looked at it, but .....
>
>
> Karl
>
> Laurent Fabre wrote:
>
>> Chris Faulhaber wrote:
>>
>>> On Mon, Sep 24, 2001 at 11:27:50AM -0500, Timothy Knox wrote:
>>>
>>>> Has anyone here looked at LaBrea <http://hts.dshield.org/LaBrea/>?
>>>> If so,
>>>> how much effort would be needed to port it to FreeBSD? It seems like an
>>>> interesting idea, and a potentially amusing way to slow the spread of
>>>> these darn IIS worms.
>>>>
>>>
>>> Actually I have an [untested] port at:
>>>
>>> http://people.FreeBSD.org/~jedgar/labrea.shar
>>>
>>> It builds and installs but I haven't had the time to test
>>> its functionality.
>>>
>> As far as I know it uses only libnet and libpcap, which are both
>> ported libraries,
>> so if it works under Linux I can't figure a reason why it shouldn't
>> under BSD
>> (other than a lib installation misbehavior).
>>
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message

Actually it's a libpcap issue, I think.
As soon as the traffic gets high you start losing frames
and the processing takes a huge time to complete.

So there's a performance issue only in the capture phase
and not in the reply/react phase.

The problem is I don't see anything other than libpcap to capture packets....

-- 
#--------------------------------------------#
#              Laurent Fabre                 #
#            fabre@matranet.com              #      /\    ASCII ribbon
#          EADS, Matranet Product Group      #      \/      campaign
#                                            #      /\	    against
# "foreach if-diff,                          #     /  \    HTML email
#  you need to re-make world...."            #
#--------------------------------------------#