On Tue, 31 Aug 2004 at 16:08, Cedric Blancher wrote:
> On Tue 31/08/2004 at 15:58, Murugavel Thiruvengadam wrote:
> > Iptables will work at kernel level. What about the others.
>
> Snort Inline relies on Netfilter, as it gets packets using the iptables QUEUE
> target. This means you have total control of traffic being filtered by
> Netfilter and traffic being filtered by Snort Inline. That's why I do
> prefer Snort Inline to Hogwash.
>
> Speaking of string match in iptables, forget it. One basic thing
> an IDS/IPS has to implement is fragmentation resistance. String match
> will not work against TCP fragmentation, as it is a per-packet match, so
> it will not detect an attack payload split over two TCP packets.

And besides this, snort-inline is actively being developed, and I have read on the snort.org web site that it will be integrated into plain snort. On the other side you have an almost dead project like hogwash, which is still alpha code and not so actively developed. Hogwash is also too heavy on resources like memory. The first option should be snort-inline. That's my opinion.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Security and IT Systems Consulting
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
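The per-packet limitation Cedric describes above is easy to see in a small model. The following Python is an added example, not code from the thread, Snort Inline or iptables: it contrasts a matcher that inspects each TCP segment on its own (what a per-packet string match does) with one that first reassembles the segments by sequence number. The `Segment` class, the `EVIL-TEST-STRING` pattern and the sample HTTP request are constructed for the demonstration; the reassembler is a simplified model that handles ordering and exact overlaps but does not model gaps or timeouts.

```python
"""Per-packet string match versus stream reassembly (constructed example)."""
from dataclasses import dataclass
from typing import List


@dataclass
class Segment:
    """A TCP segment as an IDS would see it: sequence number plus payload (constructed model)."""
    seq: int
    payload: bytes


def per_packet_match(segments: List[Segment], pattern: bytes) -> bool:
    """Models an iptables-style string match: each segment is inspected in isolation."""
    return any(pattern in s.payload for s in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Rebuild the byte stream from segments that may arrive out of order.

    Segments are sorted by sequence number; bytes already covered by an
    earlier segment (retransmissions, overlaps) are skipped. A gap stops
    reassembly, mirroring an IDS that must wait for the missing data.
    """
    stream = bytearray()
    next_seq = None
    for seg in sorted(segments, key=lambda s: s.seq):
        if next_seq is None:
            next_seq = seg.seq
        if seg.seq > next_seq:
            break  # hole in the stream: nothing more can be matched yet
        overlap = next_seq - seg.seq  # bytes we have already consumed
        data = seg.payload[overlap:]
        stream.extend(data)
        next_seq += len(data)
    return bytes(stream)


def stream_match(segments: List[Segment], pattern: bytes) -> bool:
    """Match against the reassembled stream, as a reassembling IDS/IPS does."""
    return pattern in reassemble(segments)


def split_stream(data: bytes, base_seq: int, cut: int) -> List[Segment]:
    """Cut one payload into two segments at byte offset `cut` (constructed helper)."""
    return [Segment(base_seq, data[:cut]), Segment(base_seq + cut, data[cut:])]


# Constructed sample traffic: a harmless HTTP request carrying a signature string.
PATTERN = b"EVIL-TEST-STRING"
REQUEST = b"GET /index.html?q=EVIL-TEST-STRING HTTP/1.0\r\n\r\n"
# Cut the stream in the middle of the pattern so neither segment contains it whole.
CUT = REQUEST.index(PATTERN) + 4
SPLIT_SEGMENTS = split_stream(REQUEST, base_seq=1000, cut=CUT)
SINGLE_SEGMENT = [Segment(1000, REQUEST)]


def demo() -> dict:
    """Return the outcome of each matcher on whole and split traffic."""
    return {
        "single_per_packet": per_packet_match(SINGLE_SEGMENT, PATTERN),
        "split_per_packet": per_packet_match(SPLIT_SEGMENTS, PATTERN),
        "split_stream": stream_match(SPLIT_SEGMENTS, PATTERN),
        # Reversed arrival order: reassembly still finds the pattern.
        "split_reversed_stream": stream_match(list(reversed(SPLIT_SEGMENTS)), PATTERN),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'detected' if hit else 'missed'}")
```

The per-packet matcher detects the pattern only when the request arrives in one segment; once the sender splits it across two segments, each packet is clean on its own and the match silently fails, while the reassembling matcher still sees the full string regardless of arrival order. This is the "fragmentation resistance" the mail is asking for, and it is why a stream-aware engine such as Snort Inline sitting behind the QUEUE target is preferred over the bare string match.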