
Diverting packets like IPFW DIVERT



Hello all,
I'm planning to implement some kind of network IPS (a preemptive network IDS)
and, after some days of research, I've discovered that there are already good
solutions for this. 
The biggest example is using snort-inline in Linux (using iptables QUEUE) or
FreeBSD (with ipfw divert - except that it doesn't work over bridges).
Actually, I'd like to implement this over OpenBSD + pf, but as far as I have
found so far, there is no way to divert packets from kernel network hooks to
userland.
Am I right? Or is there a solution for this?
Thanks in advance,
-- Marcelo
--------------------------------------------------
	ACME! Computer Security Research	
	  http://www.acmesecurity.org