Snort mailing list archives
Re: Help with Hogwash on OpenBSD
From: Matt Kettler <mkettler () EVI-INC COM>
Date: Wed, 30 Apr 2003 16:25:11 -0400
As I mentioned in another post earlier today, hogwash is not very well documented, and worse still, it's easy to have it "fail open".
Unless you're comfortable reading the source to figure out how it works, I'd avoid hogwash until the docs are significantly better and the development is further along.
There is some documentation at http://hogwash.sourceforge.net/docs/index.html but it isn't well organized and is incomplete.To the defense of hogwash, it looks like it is currently under major re-vamp, which is another reason why you should be hesitant to use it at this time.
If nothing else DO NOT install hogwash until you understand WHY the following statements are true:
1) if the OS is configured to route/forward packets between interfaces, hogwash will be completely ineffective. 2) hogwash provides no protection to the machine it is running on, only those behind it (subject to it being effective at all, as per #1) 3) hogwash acts as a bypass of your firewall rules for machines inside the network, and does not act as a compliment. Adding IPF rules will only protect the hogwash machine, not the internal network.
If you don't know exactly why those statements are true, then you're not going to understand hogwash well enough to configure it in a secure manner, and will likely result in a network which is completely un-firewalled.
I've looked at it only long enough to realize it would be difficult for me to configure it in a secure fashion without a separate firewall box being present in front of the hogwash box. I know enough to realize that I can't write good firewall rules for it.
At 12:59 PM 4/30/2003 -0600, JOE & ANGIE wrote:
Hey, I'm back first time user on OpenBSD. Want to install Hogwash in my OpenBSD box. Is it worth it? Is there any documentation I can get on how to install the latest version on hogwash. Already have Snort 2.0.0 running in my OpenBSD box. Do I need anything else to get hogwash to run. Downloaded the latest version for hogwash and went to there website. Could not find any documentation.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help with Hogwash on OpenBSD JOE & ANGIE (Apr 30)
- Re: Help with Hogwash on OpenBSD Matt Kettler (Apr 30)