From owner-freebsd-questions Fri Aug 17 12:33:52 2001 Delivered-To: freebsd-questions@freebsd.org Received: from shumai.marcuscom.com (rdu26-228-058.nc.rr.com [66.26.228.58]) by hub.freebsd.org (Postfix) with ESMTP id 4389337B410; Fri, 17 Aug 2001 12:33:47 -0700 (PDT) (envelope-from marcus@marcuscom.com) Received: from localhost (marcus@localhost) by shumai.marcuscom.com (8.11.3/8.11.3) with ESMTP id f7HJWw259954; Fri, 17 Aug 2001 15:32:58 -0400 (EDT) (envelope-from marcus@marcuscom.com) X-Authentication-Warning: shumai.marcuscom.com: marcus owned process doing -bs Date: Fri, 17 Aug 2001 15:32:58 -0400 (EDT) From: Joe Clarke To: Dave Cc: , Subject: Re: IDS In-Reply-To: <001f01c1274e$cdc8b620$3400a8c0@mandy> Message-ID: <20010817153110.U59726-100000@shumai.marcuscom.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG You can certainly get hogwash to compile on FreeBSD. I just did it. Let me know if you have questions on the build. Joe Clarke On Fri, 17 Aug 2001, Dave wrote: > Hello, > I have been using snort for some time now and I stumbled across a > program named Hogwash (http://hogwash.sourceforge.org) which uses the snort > base to detect possible intrusion, but then DROPS the packet if it matches a > ruleset. E.g. Code red can just be dropped instead of blocking port 80. > > This seems like a very good idea to me however hogwash is a linux program. > Can anyone perhaps recommend another program and/or method to do this. > > Thanks in advance, > --Dave. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message