Delivered-To: freebsd-questions@freebsd.org
From: "Rino Mardo"
To: "Dave"
Subject: Re: IDS
Date: Sat, 18 Aug 2001 03:56:35 +0800

check whitehat.com as they have some nifty tools there to help you
analyse/act on snort's output. it is made for Unix. :-)

Rino

----- Original Message -----
From: Dave
Sent: Saturday, August 18, 2001 2:59 AM
Subject: IDS

> Hello,
> I have been using snort for some time now and I stumbled across a
> program named Hogwash (http://hogwash.sourceforge.org) which uses the snort
> base to detect possible intrusion, but then DROPS the packet if it matches a
> ruleset. E.g. Code red can just be dropped instead of blocking port 80.
>
> This seems like a very good idea to me however hogwash is a linux program.
> Can anyone perhaps recommend another program and/or method to do this.
>
> Thanks in advance,
> --Dave.