Date: Thu, 27 Sep 2001 23:25:34 -0400
From: Mike Tancsa
To: security@freebsd.org
Subject: inspecting data with ipfw (ala hogwash)
Message-Id: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12>

Does anyone know of any patches similar in function to what hogwash does? (http://hogwash.sourceforge.net). Basically something to deny packets based on the content of the packets. With the latest iptables on LINUX, you can now do matching on the data portion as well. Something like

    ipfw add 666 deny log tcp from any to me 80 data "*scripts/cmd.exe*"

would be what I am after.

        ---Mike
--------------------------------------------------------------------
Mike Tancsa,                      tel +1 519 651 3400
Sentex Communications,            mike@sentex.net
Providing Internet since 1994     www.sentex.net
Cambridge, Ontario Canada         www.sentex.net/mike