On Tue 31/08/2004 at 15:58, Murugavel Thiruvengadam wrote:
> Iptables will work in kernel level. What about the others?

Snort Inline relies on Netfilter as it gets packets using iptables QUEUE target. This means you have total control of traffic being filtered by Netfilter and traffic being filtered by Snort Inline. That's why I do prefer Snort Inline to Hogwash.

Speaking of string match in iptables, forget it. One basic thing an IPS/IPS has to implement is fragmentation resistance. String match will not work against TCP fragmentation, as it is a per packet match, so it will not detect an attack payload split on two TCP packets.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
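
The per-packet limitation described in the reply above, as an added example that is not part of the original message: a matcher that inspects each payload alone is compared with one that first reassembles the stream by sequence number. The signature, sequence numbers, payloads and function names are constructed for illustration; sequence-number wraparound is not handled.

```python
# Added illustration: per-packet matching vs. matching on the reassembled stream.
# SIGNATURE and all segments below are constructed sample data, not a real rule.
SIGNATURE = b"EXAMPLE-SIGNATURE"


def per_packet_match(segments, signature=SIGNATURE):
    """Inspect every payload on its own, as a per-packet string match does.
    Returns the sequence numbers of the segments that matched."""
    return [seq for seq, payload in segments if signature in payload]


def reassemble(segments):
    """Rebuild the byte stream from (seq, payload) pairs.

    Tolerates out-of-order arrival, retransmitted duplicates and overlaps
    (the first copy of a byte wins). Stops at the first gap, because bytes
    after a hole are not yet deliverable. Assumes the lowest sequence number
    seen is the start of the stream.
    """
    if not segments:
        return b""
    ordered = sorted(segments, key=lambda s: s[0])  # stable: first arrival first
    base = ordered[0][0]
    stream = bytearray()
    for seq, payload in ordered:
        offset = seq - base
        if offset > len(stream):  # hole in the stream: a segment is missing
            break
        stream.extend(payload[len(stream) - offset:])  # skip bytes already held
    return bytes(stream)


def stream_match(segments, signature=SIGNATURE):
    """Match against the reassembled stream instead of single payloads."""
    return signature in reassemble(segments)


# Constructed flow: the pattern straddles two segments, which arrive out of
# order and with one retransmission.
SPLIT_FLOW = [
    (1016, b"NATURE more"),
    (1000, b"data EXAMPLE-SIG"),
    (1000, b"data EXAMPLE-SIG"),
]
# Constructed flow: the same bytes carried in a single segment.
WHOLE_FLOW = [(5000, b"data EXAMPLE-SIGNATURE more")]

if __name__ == "__main__":
    for name, flow in (("split", SPLIT_FLOW), ("whole", WHOLE_FLOW)):
        print(name, "per-packet:", per_packet_match(flow),
              "stream:", stream_match(flow))
```
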