improve ipfw rules

Matthew George mdg at secureworks.net
Wed Feb 25 09:29:09 PST 2004


On Wed, 25 Feb 2004, Borja Marcos wrote:

> > It is my hope that someday someone will step in and implement a similar
> > system under FreeBSD. But I think it requires quite a lot of work and
> > possibly major rebuilding of ipfw if it needs to be integrated (which
> > would be great)
>
> 	¿Perhaps Snort with Flexresp? It should be able to close a connection
> upon detection of a signature.
>

The difference is that snort is still packet based.  You'd need to have
the concept of data stream analysis in order to really implement an
effective application layer protocol analysis engine.

-- 
Matthew George
SecureWorks Technical Operations
404.327.6339
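
The packet-based versus stream-based distinction made in the message above, as an added example that is not part of the original post or of Snort's code: the same pattern is checked once per packet and once against a stream rebuilt from TCP sequence numbers. The signature, flow tuple and segments are constructed, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

SIGNATURE = b"X-Test-Signature"              # hypothetical pattern a rule looks for
FLOW = ("10.0.0.5", 40000, "10.0.0.9", 80)   # constructed src/dst address and port

# Constructed capture, in arrival order: the pattern straddles two segments,
# one segment arrives out of order, and one is an overlapping retransmission.
SEGMENTS = [
    {"flow": FLOW, "seq": 1024, "payload": b"Signature: 1\r\n\r\n"},
    {"flow": FLOW, "seq": 1000, "payload": b"HEAD / HTTP/1.0\r\nX-Test-"},
    {"flow": FLOW, "seq": 1017, "payload": b"X-Test-Sig"},
]


def per_packet_match(segments, signature=SIGNATURE):
    """Packet-based matching: each payload is inspected in isolation."""
    return any(signature in seg["payload"] for seg in segments)


def reassemble(segments):
    """Rebuild each flow's byte stream from sequence numbers.

    Handles reordering and overlapping retransmissions (first copy of a
    byte wins). Stops at the first gap, because bytes after a hole have
    not been delivered to the application yet.
    """
    flows = defaultdict(list)
    for seg in segments:
        flows[seg["flow"]].append(seg)
    streams = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda s: s["seq"])
        next_seq = segs[0]["seq"]          # assumption: lowest seq seen starts the stream
        data = bytearray()
        for s in segs:
            if s["seq"] > next_seq:        # missing segment, stop here
                break
            skip = next_seq - s["seq"]     # bytes already placed in the stream
            data += s["payload"][skip:]
            next_seq = max(next_seq, s["seq"] + len(s["payload"]))
        streams[flow] = bytes(data)
    return streams


def stream_match(segments, signature=SIGNATURE):
    """Stream-based matching: inspect the reassembled bytes of each flow."""
    return sorted(f for f, d in reassemble(segments).items() if signature in d)


if __name__ == "__main__":
    print("per-packet hit:", per_packet_match(SEGMENTS))
    print("stream hits:   ", stream_match(SEGMENTS))
```
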


