improve ipfw rules
Dorin H
bj93542 at yahoo.com
Wed Feb 25 20:02:10 PST 2004
--- Matthew George <mdg at secureworks.net> wrote:
> On Wed, 25 Feb 2004, Borja Marcos wrote:
>
> > > It is my hope that someday someone will step in and implement a similar
> > > system under FreeBSD.
>
> The difference is that snort is still packet based. You'd need to have
> the concept of data stream analysis in order to really implement an
> effective application layer protocol analysis engine.
>
Snort http plugin does "application-level" stream
analysis, AFAIK. Why could you not design a similar
plugin, or just some well-written rules? (just 2c) Use
snortsam to alert the firewall (FBSD ipf for example)
to block the traffic, and keep the fw free of stateful
traffic analysis as much as possible, for the sake of
performance.
BTW, does anyone know if snortsam works with ipfw?
/Dorin.
More information about the freebsd-security
mailing list