From owner-freebsd-security Tue Sep 25 6:37:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from sv07e.atm-tzs.kmjeuro.com (sv07e.atm-tzs.kmjeuro.com [193.81.94.207]) by hub.freebsd.org (Postfix) with ESMTP id 3E79E37B416 for ; Tue, 25 Sep 2001 06:37:48 -0700 (PDT) Received: (from root@localhost) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) id f8PDbjS84415 for freebsd-security@freebsd.org; Tue, 25 Sep 2001 15:37:45 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Received: from kmjeuro.com (adsl.sbg.kmjeuro.com [193.154.189.16]) (authenticated) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) with ESMTP id f8PDbXv84147; Tue, 25 Sep 2001 15:37:33 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Message-ID: <3BB0889B.1040308@kmjeuro.com> Date: Tue, 25 Sep 2001 15:37:31 +0200 From: "Karl M. Joch" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.3) Gecko/20010812 X-Accept-Language: en-us MIME-Version: 1.0 To: Laurent Fabre Cc: freebsd-security@freebsd.org Subject: Re: LaBrea for BSD? References: <20010924162750.24311@shalmaneser.thelbane.com> <200109241645.SAA02368@malraux.matranet.com> <200109251018.MAA08113@malraux.matranet.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X--virus-scanner: scanned for Virus and dangerous attachments on sv07e.atm-tzs.kmjeuro.com (System Setup/Maintainance: http://www.ctseuro.com/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org there is one strange thing. it runs here now partially. but the following points are strange: a) the non used ip doesnt ping back as mentioned in the doc (ether without -a or with -a) b) it works mostly in the night here when traffic is low. as soon as traffic in the net increases it stops working. means, it still runs, but doesnt log any activity/teergrubing into the log (running -lv). it still logs bandwidth used with 0. and there would be activities (seen in logs of other servers) which would fall under labreas responsibility. compiling and linking (also static) works fine. no errors here and while running. i have it on an own box (P66/64MB/1.5GB SCSI) with labrea only on 4.4-stable. the code is far to deep in the ethernet stuff for my c knowledge. i looked at it, but ..... Karl Laurent Fabre wrote: > Chris Faulhaber wrote: > >> On Mon, Sep 24, 2001 at 11:27:50AM -0500, Timothy Knox wrote: >> >>> Has anyone here looked at LaBrea ? If >>> so, >>> how much effort would be needed to port it to FreeBSD? It seems like an >>> interesting idea, and a potentially amusing way to slow the spread of >>> these darn IIS worms. >>> >> >> Actually I have an [untested] port at: >> >> http://people.FreeBSD.org/~jedgar/labrea.shar >> >> It builds and installs but I haven't had the time to test >> its functionality. >> > As far as i know it uses only libnet and libpcap, which are both ported > librairy, > so if it works under Linux i can't figure a reason why it should'nt > under BSD > (other than a lib installation misbehavior). > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message