HOGWASH - Snort Based Packet Scrubber

3rd Party Package Requesting

Post by Kevin Linx » Wed May 29, 2002 12:52 pm

HOGWASH (http://hogwash.sourceforge.net/) - previous Hogwash discussion (http://www.freescosoft.com/cgi-bin/ib3-freesco/ikonboard.cgi?act=ST;f=9;t=49;st=0) ?

What is Hogwash?
Hogwash is a packet scrubber (sometimes called a signature based firewall) based on Snort (www.snort.org).
* Packet Signatures (http://www.ists.dartmouth.edu/IRIA/knowledge_base/ngrep-intro.v0.8.htm)
It is designed to live inline with the network feed and drop malicious packets.
Hogwash is built on top of layer 2 and is designed to be invisible. It runs without an IP stack loaded. I run Hogwash on a Linux box without IP support compiled into the kernel.

The rules language should be familiar to anyone who has run Snort in the past.

Hogwash is lightweight. It is designed to run on old hardware and embedded systems. I'm currently trying to get some PC-104 hardware to run it on. It scales nicely up to 100mbs so it can be plugged into a large pipe, and it is lightweight enough to plug in front of a single machine with special needs.


Rules File
The rules file is based on Snort's rule file. You can do almost anything with a Hogwash rule file that you can do with a Snort rule file.

The Basics
There are four basic types of rules you can use:
pass
drop
sdrop
alert
log
Kevin Linx
 
