Date: Fri, 28 Sep 2001 00:46:33 -0500 From: ryan beasley <ryanb@goddamnbastard.org> To: faSty <fasty@i-sphere.com> Cc: Mike Tancsa <mike@sentex.net>, security@FreeBSD.ORG Subject: Re: inspecting data with ipfw (ala hogwash) Message-ID: <20010928004633.A52008@bjorn.goddamnbastard.org> In-Reply-To: <20010927213153.A91935@i-sphere.com>; from fasty@i-sphere.com on Thu, Sep 27, 2001 at 09:31:53PM -0700 References: <5.1.0.14.0.20010927231534.036396f0@192.168.0.12> <20010927213153.A91935@i-sphere.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Sep 27, 2001 at 09:31:53PM -0700, faSty wrote:
> yes, I used Guardian for snort on FreeBSD. It works very well.
Hm, I don't believe that this is what Mike was looking for.
Guardian, at least from my understanding, adds deny rules to your
firewall based on incoming packets. Hogwash, on the other hand,
works at a lower level (it handles Ethernet framing, right? I'm a
bit tired to check at the moment. <grin>) and simply acts on the
packet/frame without mucking w/ firewall rules whatsoever.
I hope that was accurate, and more importantly, helps.
g'night!
--=20
ryan beasley <ryanb@goddamnbastard.org>
professional fat bastard http://www.goddamnbastard.org
GPG Key ID 0x36321D13 with fingerprint
2074 CEB8 68AD 351A 85E6 98EB 09BA 36D9 3632 1D13
--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7tA64Cbo22TYyHRMRAn6zAJ0XhRVvAVOHQzvvBfVYUEJ+xavh5wCgsdsh
chL4wMp8GSHdHRBxWxYaNBM=
=3oQ9
-----END PGP SIGNATURE-----
--k1lZvvs/B4yU6o8G--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010928004633.A52008>