From: Joe Holden
Date: Thu, 16 Feb 2006 21:15:30 +0000
To: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: (no subject)
Message-ID: <43F4EB72.5090702@joeholden.co.uk>
List-Id: Networking and TCP/IP with FreeBSD

Hello list!

Sorry for posting this to both, however I wasn't sure which it applied to.

I'm looking at creating an intrusion detection system, similar to portsentry, however using bpf/tcpdump to monitor all traffic, without needing to listen on those ports. It will be run on a border router, and as such will need to check for incoming packets destined for other machines too, and blackhole/add ipfw rules as needed. Are there any tools like this currently available, or a number of tools I can put together to create something like this?

--
With thanks,
Joe Holden
Freelance Network Engineer / Consultant
FreeBSD Port Maintainer
http://www.joeholden.co.uk
Pub Key: http://www.joeholden.co.uk/pubkey.asc
Contact: Finger me!