From owner-freebsd-net@FreeBSD.ORG Fri Feb 17 00:07:00 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8E9E16A420; Fri, 17 Feb 2006 00:07:00 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C18943D46; Fri, 17 Feb 2006 00:07:00 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin07-en2 [10.13.10.152]) by smtpout.mac.com (Xserve/8.12.11/smtpout10/MantshX 4.0) with ESMTP id k1H06xsK026706; Thu, 16 Feb 2006 16:07:00 -0800 (PST) Received: from [192.168.1.3] (pool-68-161-67-103.ny325.east.verizon.net [68.161.67.103]) (authenticated bits=0) by mac.com (Xserve/smtpin07/MantshX 4.0) with ESMTP id k1H06jf7029094 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Feb 2006 16:06:59 -0800 (PST) Message-ID: <43F51396.5000302@mac.com> Date: Thu, 16 Feb 2006 19:06:46 -0500 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: joe@joeholden.co.uk References: <43F4EB72.5090702@joeholden.co.uk> In-Reply-To: <43F4EB72.5090702@joeholden.co.uk> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org Subject: Re: (no subject) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2006 00:07:00 -0000 Joe Holden wrote: [ ... ] > I'm looking at creating an intrusion detection system, similiar to > portsentry, however using bpf/tcpdump to monitor all traffic, without > needing to listen on those ports, it will be run on a border router, and > as such will need to check for incoming packets destined for other > machines too, and blackhole/add ipfw rules as needed. Are there any > tools like this currently available, or a number of tools I can put > together to create something like this? Check out /usr/ports/net/honeyd and the Honeynet project... -- -Chuck