(no subject)

[Chuck Swiger]

Joe Holden wrote:
[ ... ]
> I'm looking at creating an intrusion detection system, similiar to
> portsentry, however using bpf/tcpdump to monitor all traffic, without
> needing to listen on those ports, it will be run on a border router, and
> as such will need to check for incoming packets destined for other
> machines too, and blackhole/add ipfw rules as needed.  Are there any
> tools like this currently available, or a number of tools I can put
> together to create something like this?

Check out /usr/ports/net/honeyd and the Honeynet project...

-- 
-Chuck