Date: Tue, 25 Sep 2001 15:37:31 +0200 From: "Karl M. Joch" <k.joch@kmjeuro.com> To: Laurent Fabre <fabre@matranet.com> Cc: freebsd-security@freebsd.org Subject: Re: LaBrea for BSD? Message-ID: <3BB0889B.1040308@kmjeuro.com> References: <20010924162750.24311@shalmaneser.thelbane.com> <200109241645.SAA02368@malraux.matranet.com> <200109251018.MAA08113@malraux.matranet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
there is one strange thing. it runs here now partially. but the following points are strange: a) the non used ip doesnt ping back as mentioned in the doc (ether without -a or with -a) b) it works mostly in the night here when traffic is low. as soon as traffic in the net increases it stops working. means, it still runs, but doesnt log any activity/teergrubing into the log (running -lv). it still logs bandwidth used with 0. and there would be activities (seen in logs of other servers) which would fall under labreas responsibility. compiling and linking (also static) works fine. no errors here and while running. i have it on an own box (P66/64MB/1.5GB SCSI) with labrea only on 4.4-stable. the code is far to deep in the ethernet stuff for my c knowledge. i looked at it, but ..... Karl Laurent Fabre wrote: > Chris Faulhaber wrote: > >> On Mon, Sep 24, 2001 at 11:27:50AM -0500, Timothy Knox wrote: >> >>> Has anyone here looked at LaBrea <http://hts.dshield.org/LaBrea/>? If >>> so, >>> how much effort would be needed to port it to FreeBSD? It seems like an >>> interesting idea, and a potentially amusing way to slow the spread of >>> these darn IIS worms. >>> >> >> Actually I have an [untested] port at: >> >> http://people.FreeBSD.org/~jedgar/labrea.shar >> >> It builds and installs but I haven't had the time to test >> its functionality. >> > As far as i know it uses only libnet and libpcap, which are both ported > librairy, > so if it works under Linux i can't figure a reason why it should'nt > under BSD > (other than a lib installation misbehavior). > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BB0889B.1040308>