netfilter promiscuous and connection tracking for IDS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, I am working on IDS and I am trying to use netfilter 
conntrack on promiscuous mode. I want to track status of connections 
not intended for localhost. I have been using Sebastian Zander's patch 
 
web:http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/ne 
tfilter.html 
patch:netfilter-prom-patch.tgz 
Sebastian's mail:zander@xxxxxxxxxxxx 
 
It adds a new table called meter that handle promiscuous packages. It 
works, but I was not able to track connection status using conntrack. 
 
Could anybody advise me on this? I need to make a decission, keep 
trying or 
go to user space to mangle all this through libpcap as snort or ntop. 
 
thanks, 
txemi. 
 
email: txemi2@xxxxxxxxxxxxx 
web: http://txemi.webhop.org 
 



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux