Date: Wed, 25 Feb 2004 12:29:07 -0500 (EST)
From: Matthew George <mdg@secureworks.net>
To: Borja Marcos <borjamar@sarenet.es>
Cc: freebsd-security@freebsd.org
Subject: Re: improve ipfw rules
Message-ID: <20040225122505.M28880@localhost>
In-Reply-To: <7BB83E65-677C-11D8-ABA5-000393C94468@sarenet.es>
References: <FE045D4D9F7AED4CBFF1B3B813C853370397699F@mail.sandvine.com> <7BB83E65-677C-11D8-ABA5-000393C94468@sarenet.es>

On Wed, 25 Feb 2004, Borja Marcos wrote:

> > It is my hope that someday someone will step in and implement a similar
> > system under FreeBSD. But I think it requires quite a lot of work and
> > possibly major rebuilding of ipfw if it needs to be integrated (which
> > would be great)
>
> ¿Perhaps Snort with Flexresp? It should be able to close a connection
> upon detection of a signature.

The difference is that snort is still packet based. You'd need to have
the concept of data stream analysis in order to really implement an
effective application layer protocol analysis engine.

--
Matthew George
SecureWorks Technical Operations
404.327.6339
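
The packet-based versus stream-based distinction drawn in the reply above, as an added example that is not part of the original message and is not Snort or ipfw code. It assumes a hypothetical signature and constructed TCP segments, treats the lowest sequence number seen as the start of each flow, and ignores sequence wraparound.

```python
from collections import defaultdict

SIGNATURE = b"EXAMPLE-SIGNATURE"  # hypothetical content signature

# Constructed sample data: (flow id, TCP sequence number, payload).
# In flow "A" the signature straddles a segment boundary, the segments
# arrive out of order, and one of them is retransmitted.
SEGMENTS = [
    ("A", 1015, b"SIGNATURE trailing data"),
    ("A", 1000, b"header EXAMPLE-"),
    ("B", 5000, b"benign request line\r\n"),
    ("A", 1015, b"SIGNATURE trailing data"),
]

def per_packet_hits(segments, signature=SIGNATURE):
    """Packet-based matching: every payload is inspected in isolation."""
    return sorted({flow for flow, _seq, data in segments if signature in data})

def reassemble(segments):
    """Rebuild each flow's byte stream in sequence order.

    Bytes already seen (retransmissions, overlaps) are trimmed so the
    first copy wins, and reassembly stops at the first gap.
    """
    by_flow = defaultdict(list)
    for flow, seq, data in segments:
        by_flow[flow].append((seq, data))
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s[0])
        next_seq = segs[0][0]
        out = bytearray()
        for seq, data in segs:
            if seq > next_seq:
                break  # missing bytes: cannot inspect past the hole yet
            fresh = data[next_seq - seq:]
            out += fresh
            next_seq += len(fresh)
        streams[flow] = bytes(out)
    return streams

def stream_hits(segments, signature=SIGNATURE):
    """Stream-based matching: the signature is searched in the reassembled data."""
    return sorted(f for f, s in reassemble(segments).items() if signature in s)

if __name__ == "__main__":
    print("per-packet hits:", per_packet_hits(SEGMENTS))
    print("stream hits:    ", stream_hits(SEGMENTS))
```
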