[Snort-users] Help with Hogwash on OpenBSD
mkettler at ...7367...
Wed Apr 30 13:27:05 EDT 2003
As I mentioned in another post earlier today, hogwash is not very well
documented, and worse still, it's easy to have it "fail open".
Unless you're comfortable reading the source to figure out how it works,
I'd avoid hogwash until the docs are significantly better and the
development is further along.
There is some documentation at
but it isn't well organized and is incomplete.
To the defense of hogwash, it looks like it is currently under major
re-vamp, which is another reason why you should be hesitant to use it at
If nothing else DO NOT install hogwash until you understand WHY the
following statements are true:
1) if the OS is configured to route/forward packets between
interfaces, hogwash will be completely ineffective.
2) hogwash provides no protection to the machine it is running on,
only those behind it (subject to it being effective at all, as per #1)
3) hogwash acts as a bypass of your firewall rules for machines
inside the network, and does not act as a compliment. Adding IPF rules will
only protect the hogwash machine, not the internal network.
If you don't know exactly why those statements are true, then you're not
going to understand hogwash well enough to configure it in a secure manner,
and will likely result in a network which is completely un-firewalled.
I've looked at it only long enough to realize it would be difficult for me
to configure it in a secure fashion without a separate firewall box being
present in front of the hogwash box. I know enough to realize that I can't
write good firewall rules for it.
At 12:59 PM 4/30/2003 -0600, JOE & ANGIE wrote:
>I'm back first time user on OpenBSD. Want to install Hogwash in my OpenBSD
>box. Is it worth it? Is there any documentation I can get on how to
>install the latest version on hogwash. Already have Snort 2.0.0 running in
>my OpenBSD box. Do I need anything else to get hogwash to run. Downloaded
>the latest version for hogwash and went to there website. Could not find
More information about the Snort-users