Date: Thu, 27 Sep 2001 21:31:53 -0700
From: faSty <fasty@i-sphere.com>
To: Mike Tancsa <mike@sentex.net>
Cc: security@FreeBSD.ORG
Subject: Re: inspecting data with ipfw (ala hogwash)
Message-ID: <20010927213153.A91935@i-sphere.com>
In-Reply-To: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12>; from mike@sentex.net on Thu, Sep 27, 2001 at 11:25:34PM -0400
References: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12>

yes, I used Guardian for snort on FreeBSD. It works very well.

-trev

On Thu, Sep 27, 2001 at 11:25:34PM -0400, Mike Tancsa wrote:
>
> Does anyone know of any patches similar in function to what hogwash does ?
> (http://hogwash.sourceforge.net). Basically something to deny packets
> based on the content of the packets. With the latest iptables on LINUX,
> you can now do matching on data portion as well. Something like
>
> ipfw add 666 deny log tcp from any to me 80 data "*scripts/cmd.exe*" ?
>
> would be what I am after
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
"It's a small world, but I wouldn't want to have to paint it."
-- Steven Wright