From owner-freebsd-isp@FreeBSD.ORG  Fri Feb 17 00:07:00 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C8E9E16A420;
	Fri, 17 Feb 2006 00:07:00 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.46])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8C18943D46;
	Fri, 17 Feb 2006 00:07:00 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from mac.com (smtpin07-en2 [10.13.10.152])
	by smtpout.mac.com (Xserve/8.12.11/smtpout10/MantshX 4.0) with ESMTP id
	k1H06xsK026706; Thu, 16 Feb 2006 16:07:00 -0800 (PST)
Received: from [192.168.1.3] (pool-68-161-67-103.ny325.east.verizon.net
	[68.161.67.103]) (authenticated bits=0)
	by mac.com (Xserve/smtpin07/MantshX 4.0) with ESMTP id k1H06jf7029094
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 16 Feb 2006 16:06:59 -0800 (PST)
Message-ID: <43F51396.5000302@mac.com>
Date: Thu, 16 Feb 2006 19:06:46 -0500
From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: joe@joeholden.co.uk
References: <43F4EB72.5090702@joeholden.co.uk>
In-Reply-To: <43F4EB72.5090702@joeholden.co.uk>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: Re: (no subject)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2006 00:07:00 -0000

Joe Holden wrote:
[ ... ]
> I'm looking at creating an intrusion detection system, similiar to
> portsentry, however using bpf/tcpdump to monitor all traffic, without
> needing to listen on those ports, it will be run on a border router, and
> as such will need to check for incoming packets destined for other
> machines too, and blackhole/add ipfw rules as needed.  Are there any
> tools like this currently available, or a number of tools I can put
> together to create something like this?

Check out /usr/ports/net/honeyd and the Honeynet project...

-- 
-Chuck