On Nov 24 2007 23:52, Jesper Dangaard Brouer wrote:
>
> Back in 2003/2004 when finding the topic for my master's thesis, I had a
> secondary project idea, perhaps it's about time to do something about the idea,
> and hear if anyone else thinks it's a good idea?
>
> The basic idea is to: "Categorize traffic by behavior"
>

A behavior-analyzing project is http://jengelh.hopto.org/p/chaostables/
which uses TCP initialization behavior observation to figure out netscans
and a small L7 length check to detect version banner grabs (think smtp, ssh).

> I propose this could be implemented with Netfilter target modules for
> categorizing traffic, and using conntrack flows for saving the group/type, that
> other rules can match upon.
>

As usual, "patches welcome" ;-)