Re: Project proposal/idea: Categorize traffic by behavior

On Nov 24 2007 23:52, Jesper Dangaard Brouer wrote:
>
> Back in 2003/2004 when finding the topic for my master's thesis, I had a
> secondary project idea, perhaps it's about time to do something about the idea,
> and hear if anyone else thinks it's a good idea?
>
> The basic idea is to: "Categorize traffic by behavior"
>
A behavior-analyzing project is http://jengelh.hopto.org/p/chaostables/ which
uses TCP initialization behavior observation to figure out netscans and a small
L7 length check to detect version banner grabs (think smtp, ssh).

>
> I propose this could be implemented with Netfilter target modules for
> categorizing traffic, and using conntrack flows for saving the group/type, that
> other rules can match upon.
>
As usual, "patches welcome" ;-)
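
Added example, not part of the original message and not chaostables' own code: a simplified userspace sketch of the behavior-based classification discussed above, labelling a flow by how its TCP initialization went and by a small payload-length check. The `Seg` tuple, the label names and the 16-byte client threshold are assumptions made for illustration.

```python
from collections import namedtuple

# One observed TCP segment: direction ("c2s" = initiator to responder), flags, payload size.
Seg = namedtuple("Seg", "direction flags payload_len")

def seg(direction, flags, payload_len=0):
    return Seg(direction, frozenset(flags.split("+")), payload_len)

def classify(flow, grab_max_client_bytes=16):
    """Label one flow by how its TCP setup and teardown behaved (labels are hypothetical)."""
    if not flow:
        return "incomplete"
    if flow[0].direction != "c2s" or flow[0].flags != {"SYN"}:
        return "stealth-scan"      # first segment is not a plain SYN (FIN, NULL, Xmas, ...)
    state, c_bytes, s_bytes, client_closed = "syn_sent", 0, 0, False
    for s in flow[1:]:
        if state == "syn_sent":
            if s.direction == "s2c" and s.flags == {"SYN", "ACK"}:
                state = "syn_recv"
        elif state == "syn_recv":
            if s.direction == "c2s" and "RST" in s.flags:
                return "syn-scan"  # half-open probe: reset sent instead of the final ACK
            if s.direction == "c2s" and "ACK" in s.flags:
                state, c_bytes = "established", s.payload_len
        elif s.direction == "c2s":  # established, initiator side
            c_bytes += s.payload_len
            client_closed = client_closed or bool(s.flags & {"FIN", "RST"})
        else:                       # established, responder side
            s_bytes += s.payload_len
    if state != "established":
        return "incomplete"
    if client_closed and c_bytes == 0 and s_bytes == 0:
        return "connect-scan"      # full handshake, then closed with no data at all
    if client_closed and s_bytes > 0 and c_bytes <= grab_max_client_bytes:
        return "banner-grab"       # server spoke (SMTP/SSH banner), client barely did
    return "normal"

HANDSHAKE = [seg("c2s", "SYN"), seg("s2c", "SYN+ACK"), seg("c2s", "ACK")]
SAMPLES = {  # constructed flows, not captured traffic
    "syn-scan": HANDSHAKE[:2] + [seg("c2s", "RST")],
    "connect-scan": HANDSHAKE + [seg("c2s", "RST+ACK")],
    "banner-grab": HANDSHAKE + [seg("s2c", "PSH+ACK", 40), seg("c2s", "FIN+ACK")],
    "normal": HANDSHAKE + [seg("s2c", "PSH+ACK", 40), seg("c2s", "PSH+ACK", 41),
                           seg("c2s", "PSH+ACK", 1400), seg("c2s", "FIN+ACK")],
    "stealth-scan": [seg("c2s", "FIN")],
}
if __name__ == "__main__":
    for expected, flow in SAMPLES.items():
        print(f"{expected:13} -> {classify(flow)}")
```

In a Netfilter implementation the resulting label would be stored on the conntrack entry so later rules can match on it, as the quoted proposal suggests.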