I thought that there was already a thread that mentioned this....
Hogwash
I am sure that Sil mentioned it once....
Anyway..
What is Hogwash?
Hogwash is a packet scrubber (sometimes called a signature based firewall) based on Snort (www.snort.org). It is designed to live inline with the network feed and drop malicious packets.
Hogwash is built on top of layer 2 and is designed to be invisible. It runs without an IP stack loaded. I run Hogwash on a Linux box without IP support compiled into the kernel.
The rules language should be familiar to anyone who has run Snort in the past.
Hogwash is lightweight. It is designed to run on old hardware and embedded systems. I'm currently trying to get some PC-104 hardware to run it on. It scales nicely up to 100mbs so it can be plugged into a large pipe, and it is lightweight enough to plug in front of a single machine with special needs.
Sounds really kewl and I am certain that it would help eliminate the number of IIS attacks that are logged in my Apache access/error logs
Might give it a whirl soon
The current version as of this date is V0.4-Pre1.
'Slo