From owner-freebsd-security Tue Mar 12 15:34:36 2002
Date: Tue, 12 Mar 2002 23:34:05 +0000 (GMT)
From: "Alex C. Jokela"
To: Julian Elischer
Cc: Poul-Henning Kamp
Subject: Re: Userland Hacker Task: divert socket listener...
Message-ID: <20020312232838.R50303-100000@duluth.camulus.org>

what about a program - like snort - but instead of listening on an
interface, it would listen on your divert(4) socket. a setup like this
could actually help snort (or another program) be more responsive. i
know that i have run into troubles with snort's flex-resp mechanism not
stopping packets. with the divert(4) socket, i think you would be able
to stop packets dead in their tracks.

-aj-

----
http://www.camulus.org/

On Tue, 12 Mar 2002, Julian Elischer wrote:

> nice idea.. procmail for packets.
>
>
> On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
>
> >
> > Here is something I miss a lot:
> >
> > I would like a small program which can listen to a specified divert(4)
> > socket and act on the incoming packets.
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
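
The listener requested in the quoted message, with the packet-stopping behaviour described in the reply, as an added C example that is not part of the original thread or of any FreeBSD tool. The divert port 4000, the sample policy (drop TCP to port 23) and the names `classify`, `DIVERT_PORT` and `BLOCKED_PORT` are assumptions; an ipfw divert rule pointing at that port is expected to exist.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

#define DIVERT_PORT  4000   /* assumed; must match the ipfw divert rule */
#define BLOCKED_PORT 23     /* assumed sample policy: no TCP to telnet */
enum verdict { PASS, DROP };

/* Decide on one raw IPv4 packet. Anything malformed is dropped. */
enum verdict classify(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;        /* header length, bytes */
    if (ihl < 20 || len < ihl) return DROP;
    if (p[9] != IPPROTO_TCP) return PASS;
    /* A later fragment carries no TCP header, so there are no ports to test. */
    if ((((unsigned)p[6] << 8) | p[7]) & 0x1fff) return PASS;
    if (len < ihl + 4) return DROP;                /* TCP ports missing */
    unsigned dport = ((unsigned)p[ihl + 2] << 8) | p[ihl + 3];
    return dport == BLOCKED_PORT ? DROP : PASS;
}

int main(void)
{
#ifdef IPPROTO_DIVERT                               /* FreeBSD; run as root */
    static uint8_t buf[65535];
    struct sockaddr_in sa = {0}, from;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(DIVERT_PORT);
    if (s < 0 || bind(s, (struct sockaddr *)&sa, sizeof sa) < 0)
        return perror("divert socket"), 1;
    for (;;) {
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) break;
        /* Writing the packet back with the address recvfrom() returned continues
         * ipfw processing; a packet that is never written back goes no further. */
        if (classify(buf, (size_t)n) == PASS)
            sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
    }
    close(s);
    return 0;
#else
    fputs("divert(4) sockets are not available on this platform\n", stderr);
    return 1;
#endif
}
```

Because the listener is the only path a diverted packet has back into the stack, a crashed or stalled listener stops all diverted traffic; scope the ipfw rule accordingly.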