Date:      Tue, 12 Mar 2002 23:34:05 +0000 (GMT)
From:      "Alex C. Jokela" <alex@camulus.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        Poul-Henning Kamp <phk@freebsd.org>, <hackers@freebsd.org>, <security@freebsd.org>
Subject:   Re: Userland Hacker Task: divert socket listener...
Message-ID:  <20020312232838.R50303-100000@duluth.camulus.org>
In-Reply-To: <Pine.BSF.4.21.0203121503230.70491-100000@InterJet.elischer.org>


what about a program - like snort - but instead of listening on an
interface, it would listen on your divert(4) socket.  a setup like this
could actually help snort (or another program) be more responsive.

i know that i have run into troubles with snort's flex-resp mechanism not
stopping packets.  with the divert(4) socket, i think you would be able
to stop packets dead in their tracks.

  -aj-

----
  http://www.camulus.org/

On Tue, 12 Mar 2002, Julian Elischer wrote:

> nice idea.. procmail for packets.
>
>
> On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
>
> >
> > Here is something I miss a lot:
> >
> > I would like a small program which can listen to a specified divert(4)
> > socket and act on the incoming packets.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>
>
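The listener discussed in this thread, sketched as an added example (not code from any poster or from FreeBSD): it reads each diverted packet, applies a verdict, and writes back only the packets it accepts, so a rejected packet goes no further. The divert port 4000, the telnet-blocking policy and the names `verdict` and `run_listener` are assumptions for illustration; it expects an ipfw rule such as `ipfw add divert 4000 tcp from any to any in`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258   /* FreeBSD's value; fallback so this compiles elsewhere */
#endif
#define DIVERT_PORT   4000   /* assumed: must match the ipfw divert rule */
#define BLOCKED_DPORT 23     /* assumed policy: drop TCP aimed at telnet */

/* Return 1 to reinject the packet, 0 to drop it. Fails closed on bad input. */
int verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                                   /* not a usable IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length in bytes */
    if (ihl < 20 || len < ihl) return 0;
    if (pkt[9] != IPPROTO_TCP) return 1;            /* policy only covers TCP */
    if (((pkt[6] << 8) | pkt[7]) & 0x1fff) return 1; /* later fragment: no TCP header */
    if (len < ihl + 4) return 0;                    /* TCP ports truncated */
    return (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]) != BLOCKED_DPORT;
}

/* Bind a divert(4) socket and filter until recvfrom fails; returns -1. */
int run_listener(uint16_t port)
{
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in sin, from;
    uint8_t buf[65535];
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert"); return -1; }
    for (;;) {
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) break;
        if (verdict(buf, (size_t)n))   /* reinject using the address the kernel supplied */
            sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
        /* otherwise nothing is written back and the packet is dropped */
    }
    close(s);
    return -1;
}

int main(void) { return run_listener(DIVERT_PORT) < 0; }
```

If the listener exits while the divert rule is still installed, nothing reinjects the matching traffic, so the rule and the process should be started and stopped together.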

