what about a program - like snort - but instead of listening on an interface, it would listen on your divert(4) socket. a setup like this could actually help snort (or an other program) be more responsive.
i know that i have run into troubles with snort's flex-resp mechanism not stopping packets. with the divert(4) socket, i think you would be able to stop packets dead in their tracks. -aj- ---- http://www.camulus.org/ On Tue, 12 Mar 2002, Julian Elischer wrote: > nice idea.. procmail for packets. > > > On Tue, 12 Mar 2002, Poul-Henning Kamp wrote: > > > > > Here is something I miss a lot: > > > > I would like a small program which can listen to a specified divert(4) > > socket and act on the incoming packets. > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message