Specifically, here are my goals for the listener:

GOALS:
 - python-based sniffer that runs on OpenBSD
 - should be able to sniff pflog device or any other interface
 - should detect port knocking a la fwknop
 - should detect port scanning a la psad
 - should duplicate functionality of arpwatch
 - should detect use of protocols that require port forwarding
 - should detect p2p protocols like edonkey or beep and block them
   NOTE: all can be done by monitoring the WAN interface alone
 - should interface to dfd_keeper to trigger rule changes
 - ideally any module we use should exploit full features of libpcap
 - ideally any module we use should be OO
 - ideally any module we use should be written at as high a level as possible
 - ideally any module we use should be thread-safe
 - should use publisher-subscriber design pattern for efficiency
 - each consumer (psad, fwknop, port fwd) should specify BPF filter, ORed together
 - each consumer is en/disabled via command line options
And I've already done the analysis of python pcap interfaces and I'll be using pcapy/impacket, perhaps with some minor modifications which will be sent back to the authors. I evaluated pycap, pylibpcap, and pynetlibs and found them to be inferior to pcapy/impacket.

-- 
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
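The publisher-subscriber layout sketched in the goals above (each consumer declares its own BPF expression, the sniffer ORs them into one kernel filter, consumers are switched on and off individually) is illustrated by the following added example. It is not code from the post's author or from pcapy/impacket. The consumer names, the knock port (62201) and the eDonkey port (4662) are assumed sample values, the packets are constructed raw IPv4 frames without a link-layer header, and the `run_live` path assumes pcapy is installed and is not exercised offline.

```python
"""Pub-sub packet dispatcher with per-consumer BPF filters ORed into one capture filter (added example)."""
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

TCP, UDP = 6, 17
SYN, ACK = 0x02, 0x10


def ipv4_packet(proto: int, src_port: int, dst_port: int, flags: int = 0) -> bytes:
    """Constructed test input: minimal IPv4 + TCP/UDP, no link header, checksums left zero."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + l4


def l4_fields(pkt: bytes) -> Tuple[int, int, int, int]:
    """Return (proto, sport, dport, tcp_flags) from a raw IPv4 packet; honours the IHL field."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    tcp_flags = pkt[ihl + 13] if proto == TCP else 0
    return proto, sport, dport, tcp_flags


@dataclass
class Consumer:
    """One subscriber (e.g. knock detector, scan detector). `bpf` is what it asks the kernel for;
    `predicate` is the same test in Python so packets can be routed after the ORed capture filter."""
    name: str
    bpf: str
    predicate: Callable[[bytes], bool]
    enabled: bool = True
    hits: List[bytes] = field(default_factory=list)

    def on_packet(self, pkt: bytes) -> None:
        self.hits.append(pkt)


class Dispatcher:
    """Publisher: owns the capture, ORs enabled consumers' filters, fans packets out."""

    def __init__(self) -> None:
        self._consumers: List[Consumer] = []

    def subscribe(self, consumer: Consumer) -> None:
        self._consumers.append(consumer)

    def combined_filter(self) -> str:
        """Single libpcap expression: union of every enabled consumer's filter."""
        return " or ".join(f"({c.bpf})" for c in self._consumers if c.enabled)

    def dispatch(self, pkt: bytes) -> List[str]:
        """Deliver pkt to each enabled consumer whose predicate matches; return their names."""
        delivered = []
        for c in self._consumers:
            if c.enabled and c.predicate(pkt):
                c.on_packet(pkt)
                delivered.append(c.name)
        return delivered


def build_consumers(enabled: Dict[str, bool]) -> List[Consumer]:
    """Three sample consumers; `enabled` plays the role of the command-line on/off switches."""
    knock_port, p2p_port = 62201, 4662  # assumed sample values

    def is_knock(p: bytes) -> bool:
        proto, _, dport, _ = l4_fields(p)
        return proto == UDP and dport == knock_port

    def is_bare_syn(p: bytes) -> bool:  # SYN without ACK: new connection attempt
        proto, _, _, fl = l4_fields(p)
        return proto == TCP and (fl & (SYN | ACK)) == SYN

    def is_p2p(p: bytes) -> bool:
        proto, _, dport, _ = l4_fields(p)
        return proto == TCP and dport == p2p_port

    return [
        Consumer("knock", f"udp and dst port {knock_port}", is_knock, enabled.get("knock", True)),
        Consumer("scan", "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn", is_bare_syn, enabled.get("scan", True)),
        Consumer("p2p", f"tcp and dst port {p2p_port}", is_p2p, enabled.get("p2p", True)),
    ]


def run_offline(dispatcher: Dispatcher, packets: List[bytes]) -> Dict[str, int]:
    """Feed constructed packets through the dispatcher; count deliveries per consumer."""
    counts: Dict[str, int] = {}
    for p in packets:
        for name in dispatcher.dispatch(p):
            counts[name] = counts.get(name, 0) + 1
    return counts


def run_live(dispatcher: Dispatcher, iface: str = "pflog0", snaplen: int = 65535) -> None:
    """Live capture via pcapy (assumption: pcapy available; pflog frames carry a pflog header,
    so a real deployment would strip it before calling l4_fields)."""
    import pcapy
    reader = pcapy.open_live(iface, snaplen, 1, 100)
    reader.setfilter(dispatcher.combined_filter())  # kernel only copies the ORed union
    reader.loop(-1, lambda hdr, data: dispatcher.dispatch(data))


def demo(enabled: Dict[str, bool] = None) -> Tuple[str, Dict[str, int]]:
    d = Dispatcher()
    for c in build_consumers(enabled or {}):
        d.subscribe(c)
    packets = [
        ipv4_packet(UDP, 40000, 62201),        # knock packet
        ipv4_packet(TCP, 40001, 22, SYN),      # bare SYN: scan consumer
        ipv4_packet(TCP, 40002, 4662, SYN),    # bare SYN to p2p port: scan and p2p
        ipv4_packet(TCP, 40003, 80, 0x18),     # PSH|ACK: nobody subscribed
    ]
    return d.combined_filter(), run_offline(d, packets)


if __name__ == "__main__":
    print(demo())
```

Disabling a consumer drops both its predicate and its clause from the combined filter, so the kernel stops copying traffic nobody will consume; that is the efficiency the publisher-subscriber split buys.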
