Honeypots mailing list archives

FreeBSD and honeypots [ Re: Snort inline for openbsd? ]


From: Philip Reynolds <phil () Redbrick DCU IE>
Date: Tue, 4 Mar 2003 00:24:16 +0000

Rob McMillen's [rvmcmil () cablespeed com] 21 lines of wisdom included:
> Michael,
>       The key component to snort_inline is the iptables ip_queue.  This
> allows a user to tell the iptables firewall to send the packet from kernel
> space to a userspace program for a routing decision.  If the OpenBSD
> equivalent of iptables does this, it would be a pretty easy port.

Small bit OT, but FreeBSD's firewall IPFW, will allow this via a
``divert'' rule. Instead of using the libipq API, you'll be
communicating via a divert socket. I'm not familiar enough with PF
to tell you if there is an equivalent, and I currently have no
access to OpenBSD.

I'm also rather curious as to the development of honeypots on
FreeBSD? Honeypots seem rather Linux orientated, although OpenBSD is
becoming mentioned more and more as well.

Ref: ipfw(8), divert(4)
-- 
  Philip Reynolds        
   RFC Networks          tel: 01 8832063
www.rfc-networks.ie      fax: 01 8832041
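
[Added example, not part of the original message or of snort_inline.] A minimal inline filter on an ipfw divert socket, showing the libipq-style accept/drop decision made in userspace. Assumptions: the classic divert(4) call socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT) (check the man page for your release), divert port 8000, and a constructed policy that drops TCP to port 6667.

```c
/* Pair with a rule such as: ipfw add divert 8000 tcp from any to any out */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

#define DIVERT_PORT   8000  /* assumption: must match the ipfw rule */
#define BLOCKED_DPORT 6667  /* constructed policy for this example */

/* Return 1 to reinject the packet, 0 to drop it; pkt starts at the IPv4 header. */
int verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 1;                       /* not IPv4: pass untouched */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4)
        return 1;                       /* no room for TCP ports: pass */
    if (pkt[9] != IPPROTO_TCP || (((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return 1;                       /* not TCP, or a non-first fragment */
    return ((pkt[ihl + 2] << 8) | pkt[ihl + 3]) != BLOCKED_DPORT;
}

#ifdef IPPROTO_DIVERT  /* only on systems that provide divert(4) */
int main(void)
{
    uint8_t buf[65535];
    struct sockaddr_in sin;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0)
        return 1;
    for (;;) {
        socklen_t sl = sizeof sin;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sin, &sl);
        if (n <= 0) break;
        /* Dropping is simply not writing the packet back; reinjection reuses
           the address recvfrom() filled in, which tells ipfw where to resume. */
        if (verdict(buf, (size_t)n))
            sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, sl);
    }
    close(fd);
    return 0;
}
#endif
```

If the program exits while the divert rule is still loaded, matching packets have no listener on the divert port and are dropped, so remove the rule first when stopping the filter.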
