Re: inspecting data with ipfw (ala hogwash)
From: ryan beasley (ryanb@goddamn***.org)
Date: 09/28/01
- Next message: Lotuzas Tadas: "About PAM"
- Previous message: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- In reply to: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- Next in thread: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Sep 2001 00:46:33 -0500 From: ryan beasley <ryanb@goddamn***.org> To: faSty <fasty@i-sphere.com>
On Thu, Sep 27, 2001 at 09:31:53PM -0700, faSty wrote:
> yes, I used Guardian for snort on FreeBSD. It works very well.
Hm, I don't believe that this is what Mike was looking for.
Guardian, at least from my understanding, adds deny rules to your
firewall based on incoming packets. Hogwash, on the other hand,
works at a lower level (it handles Ethernet framing, right? I'm a
bit tired to check at the moment. <grin>) and simply acts on the
packet/frame without mucking w/ firewall rules whatsoever.
I hope that was accurate, and more importantly, helps.
g'night!
-- ryan beasley <ryanb@goddamn***.org> professional fat *** http://www.goddamn***.org GPG Key ID 0x36321D13 with fingerprint 2074 CEB8 68AD 351A 85E6 98EB 09BA 36D9 3632 1D13
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Lotuzas Tadas: "About PAM"
- Previous message: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- In reply to: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- Next in thread: faSty: "Re: inspecting data with ipfw (ala hogwash)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
