Date: Tue, 25 Sep 2001 16:59:20 +0200
From: Laurent Fabre
To: "Karl M. Joch"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: LaBrea for BSD?

Karl M. Joch wrote:

> there is one strange thing. it runs here now partially. but the
> following points are strange:
>
> a) the non used ip doesn't ping back as mentioned in the doc (either
> without -a or with -a)
>
> b) it works mostly in the night here when traffic is low. as soon as
> traffic in the net increases it stops working. means, it still runs, but
> doesn't log any activity/teergrubing into the log (running -lv). it still
> logs bandwidth used with 0. and there would be activities (seen in logs
> of other servers) which would fall under labrea's responsibility.
>
> compiling and linking (also static) works fine. no errors here and while
> running. i have it on an own box (P66/64MB/1.5GB SCSI) with labrea only
> on 4.4-stable.
>
> the code is far too deep in the ethernet stuff for my c knowledge. i
> looked at it, but .....
>
> Karl
>
> Laurent Fabre wrote:
>
>> Chris Faulhaber wrote:
>>
>>> On Mon, Sep 24, 2001 at 11:27:50AM -0500, Timothy Knox wrote:
>>>
>>>> Has anyone here looked at LaBrea ?
>>>> If so,
>>>> how much effort would be needed to port it to FreeBSD? It seems like an
>>>> interesting idea, and a potentially amusing way to slow the spread of
>>>> these darn IIS worms.
>>>>
>>>
>>> Actually I have an [untested] port at:
>>>
>>> http://people.FreeBSD.org/~jedgar/labrea.shar
>>>
>>> It builds and installs but I haven't had the time to test
>>> its functionality.
>>>
>> As far as i know it uses only libnet and libpcap, which are both
>> ported libraries,
>> so if it works under Linux i can't figure a reason why it shouldn't
>> under BSD
>> (other than a lib installation misbehavior).
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>

Actually it's a libpcap issue i think.
As soon as the traffic gets high you start losing frames and the
processing takes a huge time to complete.
So there's a performance issue only in the capture phase and not on the
reply react phase.
Problem is i don't see anything else than libpcap to capture packets....

--
#--------------------------------------------#
# Laurent Fabre                              #
# fabre@matranet.com                         #  /\  ASCII ribbon
# EADS, Matranet Product Group               #  \/  campaign
#                                            #  /\  against
# "foreach if-diff,                          # /  \ HTML email
#  you need to re-make world...."            #
#--------------------------------------------#