Re: improve ipfw rules
From: Matthew George (mdg_at_secureworks.net)
Date: 02/25/04
- Previous message: Martin Jessa: "Re: improve ipfw rules"
- In reply to: Borja Marcos: "Re: improve ipfw rules"
- Next in thread: Dorin H: "Re: improve ipfw rules"
- Reply: Dorin H: "Re: improve ipfw rules"
Date: Wed, 25 Feb 2004 12:29:07 -0500 (EST)
To: Borja Marcos <borjamar@sarenet.es>

On Wed, 25 Feb 2004, Borja Marcos wrote:
> > It is my hope that someday someone will step in and implement a similar
> > system under FreeBSD. But I think it requires quite a lot of work and
> > possibly major rebuilding of ipfw if it needs to be integrated (which
> > would be great)
>
> Perhaps Snort with Flexresp? It should be able to close a connection
> upon detection of a signature.
>
The difference is that snort is still packet based. You'd need to have
the concept of data stream analysis in order to really implement an
effective application layer protocol analysis engine.

--
Matthew George
SecureWorks Technical Operations
404.327.6339
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
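
The packet-based versus stream-based distinction drawn in the message above, as an added example that is not part of the original post and is not Snort or ipfw code. The function names, the placeholder pattern and the sample segments are all constructed for illustration; sequence-number wraparound is assumed not to occur.

```python
# Added illustration: matching each TCP payload in isolation versus
# matching on the reassembled byte stream. All data here is constructed.

SIGNATURE = b"EXAMPLE-SIGNATURE"  # constructed placeholder pattern


def match_per_packet(segments, signature=SIGNATURE):
    """Packet-based view: inspect every payload on its own."""
    return any(signature in payload for _seq, payload in segments)


def reassemble(segments, start_seq):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.

    Handles out-of-order arrival and retransmitted or overlapping data
    (the first copy of a byte wins). Stops at the first gap, because
    bytes after a hole cannot yet be placed in context.
    """
    stream = bytearray()
    next_seq = start_seq
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > next_seq:        # hole: a segment is still missing
            break
        skip = next_seq - seq     # bytes already accepted earlier
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)


def match_stream(segments, start_seq, signature=SIGNATURE):
    """Stream-based view: inspect the reassembled data."""
    return signature in reassemble(segments, start_seq)


# Constructed capture: the pattern straddles a segment boundary, the
# segments arrive out of order, one is retransmitted, one overlaps.
START_SEQ = 1000
SEGMENTS = [
    (1010, b"LE-SIGNATURE\r\n"),
    (1000, b"DATA EXAMP"),
    (1000, b"DATA EXAMP"),        # retransmission
    (1005, b"EXAMPLE-"),          # partial overlap with accepted bytes
]

if __name__ == "__main__":
    print("per-packet match:", match_per_packet(SEGMENTS))
    print("stream match:    ", match_stream(SEGMENTS, START_SEQ))
```

A production engine also has to track connection state per flow and bound the memory it holds for unacknowledged data, which this sketch leaves out.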