[Snort-devel] Introducing HogWash
jed at ...506...
Wed Jul 18 01:41:15 EDT 2001
I had heard you mention that you were working on one, but I never saw an
announcement that some code was available. Where can I find it? I'll take a
look at it and see how it stacks up.
----- Original Message -----
From: <tlewis at ...255...>
To: "Jed Haile" <jed at ...506...>
Cc: <snort-devel at lists.sourceforge.net>; <snort-users at lists.sourceforge.net>
Sent: Tuesday, July 17, 2001 7:46 PM
Subject: Re: [Snort-devel] Introducing HogWash
> I have already adapted snort to serve as a firewall using netfilter
> or divert sockets with my paengine modification. Your changes are
> incompatible with mine. Were you unaware of my work, or did you find
> it unacceptable for some reason?
> Todd Lewis
> tlewis at ...255...
> On Mon, 9 Jul 2001, Jed Haile wrote:
> > Fellow snorters,
> > A new tool is available for your enjoyment! Hogwash, the snort based
> > packet scrubber. It is basically a snort detection engine with the
> > to drop or forward packets based on a rules decision. Needless to say
> > will need to select rules that are not prone to false positives.
> > It uses libpcap for packet acquisition and libnet to do the packet
> > forwarding, no ip stacks are needed, so the packet scrubber can be run
> > nearly invisible configuration. It forwards packets without changing
> > addresses or any other part of the packet. Unless you want it to.
> > has full access to the packet stream so you could write a plugin to,
> > alter packets as well. Check out spp_uni_scrub.c for an example.
> > It is still a little rough around the edges, and undergoing active
> > development. In the finest open source tradition it is lightly
> > is also very functional and in use on some production networks. Check it
> > at:
> > http://hogwash.sourceforge.net
> > We will be setting a Hogwash scrubber up on the CTF network at DefCon
> > will be configured to protect a stock unpatched RH 6.2 box. We'll see
> > long it lasts. Bring your favorite kiddie tools and have a go at it!
> > Give it a try and send any feedback, bug reports, etc to
> > Jason Larsen <jason at ...506...> or Jed Haile <jed at ...506...>.
> > Have fun!
> > Jed
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > http://lists.sourceforge.net/lists/listinfo/snort-devel