From: Jon CCIE-study Account (cciestudy@xxxxxxxxxxxxxxx)
Date: Fri Oct 12 2001 - 16:45:46 GMT-3
Hi Louie
Some information I found. It might be the "layer 2 firewall" you were asking
about.
http://hogwash.sourceforge.net/
Hogwash is a layer 2 packet scrubber based on the snort signature engine.
Hogwash sits in line, and forwards or drops packets based on signature
matches.
Cisco Secure Consulting Analysis by Venkat Pothamsetty, Security Research
Engineer
Hogwash is a firewall operating at the link layer. There are a couple of
interesting things that distinguish Hogwash from the rest of the bunch.
First, in addition to operating at the link layer, it does not require an IP
stack on the machine it runs on. Because of that, it is much harder for an
attacker to mount attacks on the firewall machine itself, and practically
impossible to launch attacks above the link layer. Secondly, because Hogwash
is based on snort, the user will be able to pass or drop packets based on
IP/TCP/UDP header values and even data content. It is also easier for the
user to configure the tool: the only required arguments are the snort rules
file, the inside interface, and the outside interface.
Best regards,
Jon Bennedsgaard
----- Original Message -----
From: "louie kouncar" <lkouncar@UU.NET>
To: <ccielab@groupstudy.com>
Sent: Friday, October 12, 2001 7:02 PM
Subject: A firewall Question
> All,
>
> I have been working with Check Point firewall for a while, and just today I
> heard a guy say that there is a kind of firewall that is a layer 2 device,
> can anyone comment on that please?
>
> Thank you
>
> Louie J. Kouncar CCIE #7994
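The inline forward-or-drop decision that the Hogwash description above outlines, written out as an added illustration (this is not Hogwash's or snort's own code): raw Ethernet/IPv4/TCP frames are decoded and checked against an assumed, simplified subset of snort rule syntax (header fields plus a content: option). The rule lines, addresses and frames are constructed for the example.

```python
import re
import struct

# Assumed snort-like subset: "<action> <proto> <src> <sport> -> <dst> <dport> (options)"
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)$')

def parse_rule(line):
    """Parse one rule line; only the content: option is honoured, msg: is ignored."""
    action, proto, src, sport, dst, dport, opts = RULE_RE.match(line.strip()).groups()
    content = re.search(r'content:"([^"]*)"', opts)
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "content": content.group(1).encode() if content else None}

def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP headers; None for frames this scrubber does not inspect."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4                    # IPv4 IHL -> start of TCP header
    sport, dport, _, _, off = struct.unpack("!HHIIB", frame[l4:l4 + 13])
    return {"proto": "tcp", "src": ".".join(map(str, frame[26:30])), "sport": sport,
            "dst": ".".join(map(str, frame[30:34])), "dport": dport,
            "payload": frame[l4 + (off >> 4) * 4:]}     # TCP data offset -> payload

def rule_matches(rule, pkt):
    """Header fields must equal the rule value or be 'any'; content is a substring test."""
    fields = ("proto", "src", "sport", "dst", "dport")
    return (all(rule[f] in ("any", str(pkt[f])) for f in fields)
            and (rule["content"] is None or rule["content"] in pkt["payload"]))

def scrub(rules, frame):
    """Inline verdict for one frame: 'drop' on the first matching drop rule, else 'forward'.
    Frames the parser cannot decode (ARP, non-TCP) are bridged through unchanged."""
    pkt = parse_frame(frame)
    if pkt is not None:
        for rule in rules:
            if rule["action"] == "drop" and rule_matches(rule, pkt):
                return "drop"
    return "forward"

def build_tcp_frame(src, dst, sport, dport, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame for testing (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

# Constructed rules, not from any real ruleset.
RULES = [parse_rule('drop tcp any any -> any 80 (content:"/cgi-bin/phf"; msg:"constructed";)'),
         parse_rule('drop tcp 10.0.0.5 any -> any any (msg:"block one inside host";)')]
```

A real bridge would read frames from the inside interface with a raw socket and write the ones that pass to the outside interface (and vice versa); the decision logic is what scrub() shows.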
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:18 GMT-3