inspecting data with ipfw (ala hogwash)

From: Mike Tancsa (mike@sentex.net)
Date: 09/28/01


Date: Thu, 27 Sep 2001 23:25:34 -0400
To: security@freebsd.org
From: Mike Tancsa <mike@sentex.net>


Does anyone know of any patches similar in function to what hogwash does?
(http://hogwash.sourceforge.net). Basically something to deny packets
based on the content of the packets. With the latest iptables on Linux,
you can now do matching on the data portion as well. Something like

ipfw add 666 deny log tcp from any to me 80 data "*scripts/cmd.exe*" ?

would be what I am after.

        ---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
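
Added example, not part of the original message and not ipfw code: a C sketch of what a per-packet `data` match like the hypothetical rule above would have to do, treating `*scripts/cmd.exe*` as a plain substring search on the TCP payload. The function names `tcp_payload_match` and `build_packet` and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the TCP payload of an IPv4 packet addressed to `port`
 * contains `pat`, 0 if it does not, -1 if the packet is malformed,
 * not TCP, or a non-first fragment (no TCP header to inspect). */
int tcp_payload_match(const uint8_t *pkt, size_t len, uint16_t port,
                      const char *pat)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (pkt[9] != 6) return -1;                        /* protocol != TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return -1; /* frag offset */
    if (total - ihl < 20) return -1;
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;          /* TCP header length */
    if (doff < 20 || doff > total - ihl) return -1;
    if (((tcp[2] << 8) | tcp[3]) != port) return 0;    /* other dest port */
    const uint8_t *data = tcp + doff;
    size_t dlen = total - ihl - doff, plen = strlen(pat);
    for (size_t i = 0; i + plen <= dlen; i++)          /* bounded search */
        if (memcmp(data + i, pat, plen) == 0) return 1;
    return 0;
}

/* Constructed sample input: minimal IPv4+TCP packet, checksums left zero. */
size_t build_packet(uint8_t *buf, uint16_t dport, const char *payload)
{
    size_t n = strlen(payload), total = 40 + n;
    memset(buf, 0, 40);
    buf[0] = 0x45;                                     /* IPv4, IHL = 5 */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = 6;                                        /* TCP */
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    buf[32] = 0x50;                                    /* data offset = 5 */
    memcpy(buf + 40, payload, n);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    size_t n = build_packet(buf, 80, "GET /scripts/cmd.exe HTTP/1.0\r\n\r\n");
    printf("match=%d\n", tcp_payload_match(buf, n, 80, "scripts/cmd.exe"));
    return 0;
}
```

A match like this sees one packet at a time, so it is a coarse filter: a request split across TCP segments or written with an encoded path is only matched reliably after reassembly and decoding, as an HTTP-aware proxy or IDS does.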


