From owner-freebsd-security Thu Sep 27 21:30:42 2001
Date: Thu, 27 Sep 2001 21:31:53 -0700
From: faSty
To: Mike Tancsa
Cc: security@FreeBSD.ORG
Subject: Re: inspecting data with ipfw (ala hogwash)
Message-ID: <20010927213153.A91935@i-sphere.com>
References: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12>
In-Reply-To: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12>; from mike@sentex.net on Thu, Sep 27, 2001 at 11:25:34PM -0400

Yes, I used Guardian for snort on FreeBSD. It works very well.

-trev

On Thu, Sep 27, 2001 at 11:25:34PM -0400, Mike Tancsa wrote:
>
> Does anyone know of any patches similar in function to what hogwash does?
> (http://hogwash.sourceforge.net). Basically something to deny packets
> based on the content of the packets. With the latest iptables on LINUX,
> you can now do matching on data portion as well. Something like
>
> ipfw add 666 deny log tcp from any to me 80 data "*scripts/cmd.exe*" ?
>
> would be what I am after
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
"It's a small world, but I wouldn't want to have to paint it."
-- Steven Wright