From owner-freebsd-security Wed Sep 26 15: 7:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from sv07e.atm-tzs.kmjeuro.com (sv07e.atm-tzs.kmjeuro.com [193.81.94.207]) by hub.freebsd.org (Postfix) with ESMTP id 697B737B41D for ; Wed, 26 Sep 2001 15:07:10 -0700 (PDT) Received: (from root@localhost) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) id f8QM78A87584 for security@freebsd.org; Thu, 27 Sep 2001 00:07:08 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Received: from karl (99a5f3daa1b1702e6e46e6872e28fd48@adsl.ooe.kmjeuro.com [193.154.186.21]) (authenticated) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) with ESMTP id f8QM6sv87180; Thu, 27 Sep 2001 00:06:54 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Message-ID: <006e01c146d7$fff4f0c0$0a05a8c0@ooe.kmjeuro.com> From: "Karl M. Joch" To: "Laurent Fabre" , "Will Andrews" Cc: "FreeBSD Security" References: <20010924162750.24311@shalmaneser.thelbane.com> <4.3.2.7.2.20010925105333.04794430@localhost> <200109261355.PAA27232@malraux.matranet.com> <200109261414.QAA28606@malraux.matranet.com> Subject: Re: LaBrea for BSD? Date: Thu, 27 Sep 2001 00:09:58 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X--virus-scanner: scanned for Virus and dangerous attachments on sv07e.atm-tzs.kmjeuro.com (System Setup/Maintainance: http://www.ctseuro.com/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Laurent Fabre" To: "Will Andrews" Cc: "FreeBSD Security" Sent: Wednesday, September 26, 2001 4:18 PM Subject: Re: LaBrea for BSD? > Will Andrews wrote: > > On Tue, Sep 25, 2001 at 10:54:37AM -0600, Brett Glass (brett@lariat.org) wrote: > > > >>It would be MUCH better to rewrite it rather than port it. The authors > >>have stamped the GPL on it. The last thing we need (IMHO) is to > >>spread one virus while attempting to catch another! > >> > > > > It would be MUCH better to stop using Windows than to spout > > nonsense like this. > > > > > > This discussion is off-topic. > > I'm writing a new version of it because i think this little > piece of code is a good idea but it also lacks features. > I want to be able to emulate stacks behaviors on a OS basis > and try to speed up a bit the capturing process. > If u got other things in mind let's discuss them. > if i would be able to rewrite this i would add one feature for systems only having 1 IP from their provider. eg. i have lots of systems at customers on a adsl or leased line base having 1 ip and running only ipfw/nat + maybe a mail server or ssh. it would be great to have a file like the ExcludeFiles in LaBrea to define ports which are to take care of. so if one tries to access eg. 23,21,3128.... it should start working. this would give people with only 1 ip the possibility to run it too. but that are just my 2 cents. Karl > > > -- > #--------------------------------------------# > # Laurent Fabre # > # fabre@matranet.com # /\ ASCII ribbon > # EADS, Matranet Product Group # \/ campaign > # # /\ against > # "foreach if-diff, # / \ HTML email > # you need to re-make world...." # > #--------------------------------------------# > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message