Date: Mon, 14 Sep 1998 20:35:35 +0800 From: Peter Wemm <peter@netplex.com.au> To: Luigi Rizzo <luigi@labinfo.iet.unipi.it> Cc: archie@whistle.com (Archie Cobbs), net@FreeBSD.ORG Subject: Re: Will the TEE function of IPFW be ever implemented/necessary ? Message-ID: <199809141235.UAA10513@spinner.netplex.com.au> In-Reply-To: Your message of "Wed, 09 Sep 1998 07:41:23 %2B0200." <199809090541.HAA17889@labinfo.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo wrote: > > Luigi Rizzo writes: > > > > I'd prefer that someone implemented it, because a few people have > > > > asked for it, but on the other hand if no one is even going to implemen t > ... > > Well, all I can say is that I don't know what people might want > > to use it for, but people always seem to find a way to suprise us > > but you said a few people have asked for it! so what they want it for... One thing that ipfilter can do that ipfw can't untill tee is implemented is intercept packets. Suppose a scenario arrises where a box has a heap of ppp connections and one needs logging or tracing and it needs to be done discretely. ipfilter can forward another copy of the packets to another host (eg: outside of crackers vision) for logging. The main difference is that you can have packets logged that wouldn't otherwise be visible on an ethernet segment, eg: if a ppp user was trying to break into another ppp user on the same host and you needed a secure logging point. Mind you, tcpdump / tcpshow make a pretty good combination, especially when the dump file is being accessed via NFS so that there isn't as much running to tip off an intruder. Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809141235.UAA10513>