You want to be careful here...having done some research on this, the
intent is for received packets to only reach the program that has the
bpf device open...if you were to start using this to implement a
security policy, of sorts, you could be wandering into territory
that could attract
* Ste Jones [EMAIL PROTECTED] [2004-07-03 09:14]:
The new filter option in bpf (in current
http://archives.neohapsis.com/archives/openbsd/cvs/2004-06/0798.html)
allows frames to be passed to userland and dropped in the kernel if they
match a bpf filter.
please note that that is not
Hello all,
I'm planning to implement some kind of network IPS (a preemptive network IDS)
and, after some days of research, I've discovered that there are already good
solutions for this.
The biggest example is using snort-inline in Linux (using iptables QUEUE) or
FreeBSD (with ipfw divert -
Marcelo de Souza wrote:
Hello all,
I'm planning to implement some kind of network IPS (a preemptive network IDS)
and, after some days of research, I've discovered that there are already good
solutions for this.
The biggest example is using snort-inline in Linux (using iptables QUEUE) or
# Look through the archives. You can either use a tun0 device like
# fragroute or block+log the packets in PF and use bpf to read them off
# of the pflog0 interface.
#
# .mike
What's the deal behind this tun0 / fragroute? Sorry, I couldn't understand.
Well... certainly I could do something