Date:      Mon, 14 Sep 1998 20:35:35 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Cc:        archie@whistle.com (Archie Cobbs), net@FreeBSD.ORG
Subject:   Re: Will the TEE function of IPFW be ever implemented/necessary ? 
Message-ID:  <199809141235.UAA10513@spinner.netplex.com.au>
In-Reply-To: Your message of "Wed, 09 Sep 1998 07:41:23 +0200." <199809090541.HAA17889@labinfo.iet.unipi.it>

Luigi Rizzo wrote:
> > Luigi Rizzo writes:
> > > > I'd prefer that someone implemented it, because a few people have
> > > > asked for it, but on the other hand if no one is even going to implement
> ...
> > Well, all I can say is that I don't know what people might want
> > to use it for, but people always seem to find a way to surprise us
> 
> but you said a few people have asked for it! so what they want it for...

One thing that ipfilter can do that ipfw can't until tee is implemented 
is intercept packets.  Suppose a scenario arises where a box has a heap 
of ppp connections and one needs logging or tracing and it needs to be 
done discreetly.  ipfilter can forward another copy of the packets to 
another host (eg: outside of crackers' vision) for logging.

The main difference is that you can have packets logged that wouldn't 
otherwise be visible on an ethernet segment, eg: if a ppp user was trying 
to break into another ppp user on the same host and you needed a secure 
logging point.

Mind you, tcpdump / tcpshow make a pretty good combination, especially 
when the dump file is being accessed via NFS so that there isn't as much 
running to tip off an intruder.

Cheers,
-Peter



