Snort mailing list archives
Re: [Snort-devel] Introducing HogWash
From: "Jed Haile" <jed () grep net>
Date: Tue, 17 Jul 2001 23:41:15 -0600
I had heard you mention that you were working on one, but I never saw an announcement that some code was available. Where can I find it? I'll take a look at it and see how it stacks up.

Later,
Jed

----- Original Message -----
From: <tlewis () mindspring com>
To: "Jed Haile" <jed () grep net>
Cc: <snort-devel () lists sourceforge net>; <snort-users () lists sourceforge net>
Sent: Tuesday, July 17, 2001 7:46 PM
Subject: Re: [Snort-devel] Introducing HogWash
I have already adapted snort to serve as a firewall using netfilter or divert sockets with my paengine modification. Your changes are incompatible with mine. Were you unaware of my work, or did you find it unacceptable for some reason?

--
Todd Lewis
tlewis () mindspring com

On Mon, 9 Jul 2001, Jed Haile wrote:

Fellow snorters,

A new tool is available for your enjoyment! Hogwash, the snort based inline packet scrubber. It is basically a snort detection engine with the ability to drop or forward packets based on a rules decision. Needless to say you will need to select rules that are not prone to false positives.

It uses libpcap for packet acquisition and libnet to do the packet forwarding, no ip stacks are needed, so the packet scrubber can be run in a nearly invisible configuration. It forwards packets without changing TTL, mac addresses or any other part of the packet. Unless you want it to. Hogwash has full access to the packet stream so you could write a plugin to, ahem, alter packets as well. Check out spp_uni_scrub.c for an example.

It is still a little rough around the edges, and undergoing active development. In the finest open source tradition it is lightly documented. It is also very functional and in use on some production networks. Check it out at: http://hogwash.sourceforge.net

We will be setting a Hogwash scrubber up on the CTF network at DefCon and it will be configured to protect a stock unpatched RH 6.2 box. We'll see how long it lasts. Bring your favorite kiddie tools and have a go at it!

Give it a try and send any feedback, bug reports, etc to Jason Larsen <jason () grep net> or Jed Haile <jed () grep net>.

Have fun!
Jed

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
http://lists.sourceforge.net/lists/listinfo/snort-devel
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Introducing HogWash Jed Haile (Jul 09)
- Re: [Snort-devel] Introducing HogWash tlewis (Jul 17)
- Re: [Snort-devel] Introducing HogWash Jed Haile (Jul 17)
- Re: [Snort-devel] Introducing HogWash Brian Caswell (Jul 18)
- Re: [Snort-devel] Introducing HogWash tlewis (Jul 18)
- Re: [Snort-devel] Introducing HogWash tlewis (Jul 17)