Date: Tue, 12 Mar 2002 23:34:05 +0000 (GMT) From: "Alex C. Jokela" <alex@camulus.com> To: Julian Elischer <julian@elischer.org> Cc: Poul-Henning Kamp <phk@freebsd.org>, <hackers@freebsd.org>, <security@freebsd.org> Subject: Re: Userland Hacker Task: divert socket listener... Message-ID: <20020312232838.R50303-100000@duluth.camulus.org> In-Reply-To: <Pine.BSF.4.21.0203121503230.70491-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
what about a program - like snort - but instead of listening on an interface, it would listen on your divert(4) socket. a setup like this could actually help snort (or an other program) be more responsive. i know that i have run into troubles with snort's flex-resp mechanism not stopping packets. with the divert(4) socket, i think you would be able to stop packets dead in their tracks. -aj- ---- http://www.camulus.org/ On Tue, 12 Mar 2002, Julian Elischer wrote: > nice idea.. procmail for packets. > > > On Tue, 12 Mar 2002, Poul-Henning Kamp wrote: > > > > > Here is something I miss a lot: > > > > I would like a small program which can listen to a specified divert(4) > > socket and act on the incoming packets. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312232838.R50303-100000>