Date: Tue, 25 Sep 2001 16:59:20 +0200
From: Laurent Fabre <fabre@matranet.com>
To: "Karl M. Joch" <k.joch@kmjeuro.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: LaBrea for BSD?
Message-ID: <200109251455.QAA28275@malraux.matranet.com>
References: <20010924162750.24311@shalmaneser.thelbane.com> <200109241645.SAA02368@malraux.matranet.com> <200109251018.MAA08113@malraux.matranet.com> <200109251339.PAA22725@malraux.matranet.com>

Karl M. Joch wrote:

> there is one strange thing. it runs here now partially. but the
> following points are strange:
>
> a) the non used ip doesn't ping back as mentioned in the doc (either
> without -a or with -a)
>
> b) it works mostly in the night here when traffic is low. as soon as
> traffic in the net increases it stops working. means, it still runs, but
> doesn't log any activity/teergrubing into the log (running -lv). it still
> logs bandwidth used with 0. and there would be activities (seen in logs
> of other servers) which would fall under labrea's responsibility.
>
> compiling and linking (also static) works fine. no errors here and while
> running. i have it on an own box (P66/64MB/1.5GB SCSI) with labrea only
> on 4.4-stable.
>
> the code is far too deep in the ethernet stuff for my c knowledge. i
> looked at it, but .....
>
>
> Karl
>
> Laurent Fabre wrote:
>
>> Chris Faulhaber wrote:
>>
>>> On Mon, Sep 24, 2001 at 11:27:50AM -0500, Timothy Knox wrote:
>>>
>>>> Has anyone here looked at LaBrea <http://hts.dshield.org/LaBrea/>?
>>>> If so,
>>>> how much effort would be needed to port it to FreeBSD? It seems like an
>>>> interesting idea, and a potentially amusing way to slow the spread of
>>>> these darn IIS worms.
>>>>
>>>
>>> Actually I have an [untested] port at:
>>>
>>> http://people.FreeBSD.org/~jedgar/labrea.shar
>>>
>>> It builds and installs but I haven't had the time to test
>>> its functionality.
>>>
>> As far as i know it uses only libnet and libpcap, which are both
>> ported libraries,
>> so if it works under Linux i can't figure a reason why it shouldn't
>> under BSD
>> (other than a lib installation misbehavior).
>>
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>

Actually it's a libpcap issue i think.
As soon as the traffic gets high you start losing frames and the
processing takes a huge amount of time to complete.
So there's a performance issue only in the capture phase and not on the
reply react phase.
Problem is i don't see anything else than libpcap to capture packets....

--
#--------------------------------------------#
#              Laurent Fabre                 #
#           fabre@matranet.com               #   /\  ASCII ribbon
#      EADS, Matranet Product Group          #   \/  campaign
#                                            #   /\  against
#      "foreach if-diff,                     #  /  \ HTML email
#     you need to re-make world...."         #
#--------------------------------------------#