slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Presented By Deepak Kumar Jena Roll no. #CS200117019 PowerPoint Presentation
Download Presentation
Presented By Deepak Kumar Jena Roll no. #CS200117019

Loading in 2 Seconds...

play fullscreen
1 / 12

Presented By Deepak Kumar Jena Roll no. #CS200117019 - PowerPoint PPT Presentation

  • Uploaded on

“ Hogwash for Network security ”. Presented By Deepak Kumar Jena Roll no. #CS200117019. Under the guidance of Mr. D.Kanhar. INTRODUCTION. One of the largest challenges facing us today is protecting servers.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Presented By Deepak Kumar Jena Roll no. #CS200117019' - olisa

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

“Hogwash for Network security ”



Deepak Kumar Jena Roll no. #CS200117019

Under the guidance of

Mr. D.Kanhar




  • One of the largest challenges facing us today is protecting servers.
  • Hogwash is a very cost effective technology to provide the security to the server.
  • The software available for this is Hogwash Tarball which is available free of cost.
  • It operates in three modes as per required.


about hogwash
About Hogwash
  • Hogwash was written as a simple packet filter called Scrub in 1996.
  • In 1999 the packet processing engine was replaced with SNORT and then called Hogwash.
  • SNORT engine was showing its weaknesses for doing heavyweight packet scrubbing,hencereplaced by H2 engine.


modes of operation
Modes of Operation
  • IDS mode
  • Inline Scrubber Mode
  • Honey Pot Control Mode


ids mode
IDS Mode
  • In this mode the system is attached to a span or mirror port on a switch or other network device that has this feature so that the system will watch traffic as it passes this port.
  • Hogwash has over a normal IDS is the ability to send resets to break the TCP session.
  • It is of again 2 types:
          • Host based
          • Network based


inline scrubber mode
Inline Scrubber Mode
  • Inline Scrubber Mode, which can be stealth means with no IP stack or normal.Stealth is one of the key features of Hogwash, which is its ability to function without having a TCP/IP stack.
  • In Inline Scrubber Mode Hogwash has the ability to stop attacks by sending TCP resets, dropping the packet, and/or logging the packet.
  • Hogwash will also be able to sanitize packets to remove only the portion that matches a rule without dropping the whole thing.


honeypot control mode
HoneyPot Control Mode
  • In the HoneyPot Control Mode, Hogwash will protect production systems without repelling attacks.Instead, it forwards suspicious connections to a honeypot to allow for closer analysis: an attack on the honeypot will not impact the network.
  • In this mode,while setup the Hogwash system act as a router to send different types of attacks to different honey pot systems via the use of multiple NICs.


  • Operating System:
  • Trinux
  • RedHat Linux 9
  • Debian 3.0
  • Hardware:
  • hardware that will support 2 network cards and Linux


  • Different sections to be configured are:
  • System Section
  • Interface Section
  • Routing Section
  • IP Lists
  • Actions
  • Modules

This is done in the live.config file.


  • Hogwash is an easy-to-install and very much cost effective technique to protect the server from attackers.
  • Hogwash is suitable for use as a central component that will distract attackers away from production systems to a honeypot, allowing the administrator to monitor the attacker’s nefarious activities and the attack method offline.