martin f krafft wrote:
* Rens Houben [EMAIL PROTECTED] [2001.12.03 13:02:50+0100]:
Anyways, I've been following this thread and wondering: Is there any
reason why snort would or would not work with a bridge?
snort is a tool that primarily assesses ip, tcp, and application level
* Wichert Akkerman [EMAIL PROTECTED] [2001.12.03 00:57:48+0100]:
It filters based on packet content that just happens to be IP
information. Just like the u32 filter, except the syntax is easier.
It still bridges.
i guess you are right. my only problem is that a bridge does MAC/SNAP
and is
* Rens Houben [EMAIL PROTECTED] [2001.12.03 13:02:50+0100]:
Anyways, I've been following this thread and wondering: Is there any
reason why snort would or would not work with a bridge?
snort is a tool that primarily assesses ip, tcp, and application level
protocols. if you run it on a bridge,
On Sun, 2001-12-02 at 23:05, martin f krafft wrote:
because it's filtering based on the IP information. brides speak no
IP.
They do if you marry a girl who knows her networking. *Ducks*
Anyways, I've been following this thread and wondering: Is there any
reason why snort would or would not
Previously martin f krafft wrote:
okay, this is an interesting point. however, all i was saying is that
the linux bridging project is committing suicide (as the bridging
project) as soon as they interface with netfilter or anything else
that works with IP.
Wrong :). Someone (forgot his name
* Wichert Akkerman [EMAIL PROTECTED] [2001.12.02 12:59:38+0100]:
Wrong :). Someone (forgot his name unfortunately) already implemented
this. If you ask on the netfilter list they should be able to point
you to the right patch.
oh my, everyone is misunderstanding my non-important, trivial
Previously martin f krafft wrote:
oh my, everyone is misunderstanding my non-important, trivial point. i
am not doubting that linux bridging and netfilter do interface, i am
merely saying that such a fusion is not a bridge anymore.
Why is a filtering bridge no longer a bridge? It does not
* Wichert Akkerman [EMAIL PROTECTED] [2001.12.02 22:30:02+0100]:
Why is a filtering bridge no longer a bridge? It does not route, it
does not change packets, it just selectively does not pass some on.
A broken bridge maybe from a strict standpoint, but still a bridge.
because it's filtering
Previously martin f krafft wrote:
because it's filtering based on the IP information. brides speak no
IP.
It filters based on packet content that just happens to be IP
information. Just like the u32 filter, except the syntax is easier.
It still bridges.
Wichert.
--
On Wed, 28 Nov 2001, François Bayart wrote:
Hi,
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 62.4.8.2 netmask 255.255.255.0
Hello,
a firewall needs to have IP routing capabilities to be able to enforce
rules (same for a packet filter),
?
A proxy firewall doesn't need to have IP routing capabilities (eg.
forwarding packets between interfaces). And a proxy firewall is definitely
a firewall. (some people don't call
* Attila Nagy [EMAIL PROTECTED] [2001.11.29 14:30:56+0100]:
a firewall needs to have IP routing capabilities to be able to enforce
rules (same for a packet filter),
?
A proxy firewall doesn't need to have IP routing capabilities (eg.
forwarding packet between interfaces). And a proxy
.
---
François Bayart
[EMAIL PROTECTED]
+33 1 49 27 98 30
+33 6 87 84 18 82
- Original Message -
From: martin f krafft [EMAIL PROTECTED]
To: Attila Nagy [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 29, 2001 3:45 PM
Subject: Re: iptables with a linux bridge
Hello,
One point you are missing is that it is possible using this kind of
configuration to create a firewall where you cannot address any of
its external interfaces. So how can you do an intrusion attack on a
firewall that you cannot address?
In theory it is possible. If you can use the
Hi,
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255
That correctly works but now I would like
If I'm not mistaken I believe the bridging code runs before
the firewall code so the bridging by-passes the firewall filters
completely... Please if I'm incorrect in this would someone care to
correct me but that is what information I've found through my research
on the subject...
On Wed, 28 Nov 2001, François Bayart wrote:
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
I am VERY interested, since I administer a transparent firewall myself. My
firewall uses proxy arp (I implemented it in the old 2.2.x kernel +
ipchains days), but I would
On Wed, 28 Nov 2001, François Bayart wrote:
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
Did you include the netfilter patch ?
http://bridge.sourceforge.net/download.html
remember to exclude the netfilter debug option.
That correctly works but now I
For the moment that works correctly just with the bridge rule; I have used it
with the staging servers for 1 week.
I have changed the default gateway on the servers behind the bridge; I use
the bridge IP as gateway, which stays transparent in the traceroute, and
iptables works with the FORWARD
* Giacomo Mulas [EMAIL PROTECTED] [2001.11.28 18:11:40+0100]:
I've installed a linux bridge with 2.4.14 kernel and the
bridge-utils packages
I am VERY interested, since I administer a transparent firewall
myself. My firewall uses proxy arp (I implemented it in the old
2.2.x kernel +
* Simon Murcott [EMAIL PROTECTED] [2001.11.29 16:31:12+1300]:
One point you are missing is that it is possible using this kind of
configuration to create a firewall where you cannot address any of its
external interfaces. So how can you do an intrusion attack on a firewall
that you cannot
François Bayart wrote:
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
I just finished testing a setup pretty similar to yours. It's a
machine with kernel 2.4.14, patch bridge-nf-0.0.3 and
bridge-utils-0.9.3.
So far it works great and I am really satisfied.
I
Jeremy T. Bouse wrote:
If I'm not mistaken I believe the bridging code runs before
the firewall code so the bridging by-passes the firewall filters
completely... Please if I'm incorrect in this would someone care to
correct me but that is what information I've found through my
On Thu, 29 Nov 2001, Simon Murcott wrote:
On Thu, 29 Nov 2001, martin f krafft wrote:
okay, so i read the FAQ, they are possible. but they don't make sense.
in fact, i will argue that as soon as you employ netfilter or
ipchains on a linux bridge, you don't have a bridge anymore! you won't
have
Simon Murcott wrote:
One point you are missing is that it is possible using this kind of
configuration to create a firewall where you cannot address any of its
external interfaces. So how can you do an intrusion attack on a firewall
that you cannot address?
Another advantage is the
* Jeremy T. Bouse [EMAIL PROTECTED] [2001.11.28 09:07:53-0800]:
If I'm not mistaken I believe the bridging code runs before
the firewall code so the bridging by-passes the firewall filters
completely... Please if I'm incorrect in this would someone care to
correct me but that is what
okay, so i read the FAQ, they are possible. but they don't make sense.
in fact, i will argue that as soon as you employ netfilter or
ipchains on a linux bridge, you don't have a bridge anymore! you won't
have a packet filter or router either, but it's not going to be a
bridge as it concerns
On Thu, 29 Nov 2001, martin f krafft wrote:
okay, so i read the FAQ, they are possible. but they don't make sense.
in fact, i will argue that as soon as you employ netfilter or
ipchains on a linux bridge, you don't have a bridge anymore! you won't
have a packet filter or router either, but it's