Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: One question

From: Shane Williams <shanew () gslis utexas edu>
Date: Thu, 19 Dec 2002 11:12:20 -0600 (CST)
I haven't tried it yet, but I don't see why hogwash wouldn't run on a
bridging firewall.  Hmmm... holiday project perhaps.

On Thu, 19 Dec 2002, Matt Kettler wrote:


No, not a bridge, a router. However I suspect what you are calling a 
"bridge" is really a router anyway.

A Bridge is a simple ethernet layer device that bridges 2 ethernet segments 
(ie: a switch with only 2 ports is a bridge), a router is an IP layer 
device with multiple interfaces that routes IP packets between them. The 
significant difference here is that some non-IP things like ARP don't 
generally pass through a router (although they might be proxied by it), but 
any type ethernet packet can go through a bridge, provided the MAC 
addresses dictate it is headed to the other side.

Since hogwash relies on IPTables for filtering, that filtering is IP layer, 
thus must happen on a system which routes at an IP layer. It can't merely 
be an ethernet layer bridge.

At 12:11 PM 12/19/2002 +0100, Carmelo Zubeldia wrote:

Hi all,

Run hogwash in a Bridge?

Thxs
--




-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                | Systems Administrator UT-GSLIS
=----------------------------------+-------------------------------
All syllogisms contain three lines |        shanew () gslis utexas edu
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew



-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: