libnids-1.23 + TEXTREL

marty marty at goodoldmarty.com
Sun Mar 30 01:01:16 PDT 2008


> After installing scanlogd on hlfs and it works fine with libpcap. But when I
> try building with libnids (which is reputed to be better than pcap since
> pcap cannot capture fragmented packets) the libnids complains about failure
> to share text segment.
>
> readelf produces the following output:
>
> root [/sources/libnids-1.23 ]# readelf -d src/libnids.so.1.23 | grep TEXTREL
>  0x00000016 (TEXTREL)                    0x0
>
> I have tried changing the compile time flags (-fno-fast-math -fPIC -fPIE)
> like I did for procps but with no luck. Need some help

Not sure what you really mean sir.  Did libnids fail to build for you? Let us
see your error sequence if you want related feedback on that problem.

Scanlogd is pretty much useless software. Why bother; it won't protect you.

libnids is a network stack emulator; not a replacement for pcap. It just runs in
parallel with the kernel using a lot of horsepower. It is for specialized use.

Pcap just puts your NIC in promiscuous mode, captures packets real fast, and
makes that data available to other programs for analysis. It does not need to be
concerned with fragmentation, flags, or anything else. !!BUT remember, a NIC in
promiscuous mode is a thing of beauty to a hacker. It cannot be secured or
monitored!!

/*
Snort_inline is probably what you really want to build. It can be queued to
IPtables and will drop bad traffic, blacklist IP's, report port scans, detect
virus, whatever. Fragmentation no problem.  pcap not needed. With a free
subscription to the rules (5000+) they can be updated daily by a cron job with
oinkmaster. Oh, and yes, it builds easily on hlfs and I use it 24/7/365.
*/

Marty B.






I only use pcap on sensors without IP's - I normally don't like promiscuous
interfaces on my networks. (You can't secure them). I use snort inline to
IPtables on my firewalls. That builds and works fine and is not promiscuous.





-- 
Building a better mousetrap only results in better mice. C. Darwin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080330/0d81ce3b/attachment.sig>


More information about the hlfs-dev mailing list