Date: Wed, 25 Feb 2004 20:02:10 -0800 (PST)
From: Dorin H <bj93542@yahoo.com>
To: Matthew George <mdg@secureworks.net>
Cc: freebsd-security@freebsd.org
Subject: Re: improve ipfw rules
Message-ID: <20040226040210.25663.qmail@web12609.mail.yahoo.com>
In-Reply-To: <20040225122505.M28880@localhost>

--- Matthew George <mdg@secureworks.net> wrote:
> On Wed, 25 Feb 2004, Borja Marcos wrote:
>
> > > It is my hope that someday someone will step in and implement a similar
> > > system under FreeBSD.
>
> The difference is that snort is still packet based. You'd need to have
> the concept of data stream analysis in order to really implement an
> effective application layer protocol analysis engine.
>

Snort http plugin does "application-level" stream analysis, AFAIK.
Why could you not design a similar plugin, or just some well-written rules?

(just 2c) Use snortsam to alert the firewall (FBSD ipf for example) to
block the traffic, and keep the fw free of stateful traffic analysis as
much as possible. For the sake of performance.

BTW, does anyone know if snortsam works with ipfw?

/Dorin.