Re: Packet Inspecting Filter with IPTables

At 01:50 2004-08-26, Jeremy Andrew wrote:
I wish to implement a feature on a linux box which I explained with detail
in the following text;

I have read about many different articles on how to take actions based on
the contents of a packet. I think netfilter/iptables has support of what I
wish to deploy on a Linux machine (kernel 2.4.20) acting as a gateway
network node. I have not found enough information about the exact steps to
be taken in order to;

- Inspect each and every incoming packet for a specific port (ftp as an
example), and then if the data packet contains a specific set of bits (ascii
characters "GLOB" e.g), take actions based on a predefined rule (send a
message to syslog) and then "drop" this packet.

That sounds an awful lot like a job for snort (www.snort.org) to me - did You look? And with ACID You would be able to do reports and what-not, too... Oh, and modify Your rules. Or, You can roll-your-own...


>>>>>>>>>>>>>>>>> snip! <<<<<<<<<<<<<<
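The inspect, log, then drop behaviour asked about above, sketched as an added example (not part of the original thread) that prints an iptables-restore fragment for review. It assumes a kernel and iptables build that provide the `string` match with its `--algo` option; the chain name `FTP_GLOB`, the log prefix and the function name `glob_filter_rules` are illustrative choices.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that logs and then drops
# forwarded TCP packets to a given port whose payload contains a given string.
# FTP_GLOB and the log prefix are illustrative names, not from the thread.

glob_filter_rules() {
    port=$1
    pattern=$2
    # Refuse values that would break the generated rule lines.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    case $pattern in
        ''|*[!A-Za-z0-9._-]*) echo "pattern must be plain ASCII word characters" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:FTP_GLOB - [0:0]
-A FORWARD -p tcp --dport $port -m string --string "$pattern" --algo bm -j FTP_GLOB
-A FTP_GLOB -m limit --limit 6/minute -j LOG --log-prefix "FTP content drop: "
-A FTP_GLOB -j DROP
COMMIT
EOF
}

# Review the output first, then apply as root with:
#   glob_filter_rules 21 GLOB | iptables-restore --noflush
# Run as a script with two arguments, it only prints the fragment.
if [ "$#" -eq 2 ]; then
    glob_filter_rules "$1" "$2"
fi
```

The LOG rule is rate-limited so a burst of matching packets cannot flood syslog, while the DROP rule still applies to every match. The `string` match examines each packet on its own, so it will not see a pattern that spans two TCP segments.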


