How about port scanning clients behind the firewall? Suggestions? I'm thinking of something that could be scripted to append an iptables rule to block the MAC address of the offending client, then notify me. Am I looking at an NMAP plugin possibly?

Khanh Tran
Network Operations
Sarah Lawrence College

-----Original Message-----
From: Daniel Chemko [mailto:dchemko@xxxxxxxxxx]
Sent: Thursday, September 09, 2004 7:27 PM
To: Khanh Tran; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: virus scanning with iptables

Khanh Tran wrote:
> Is anyone using a virus scanning application with iptables? I'd like to
> know if it's possible for me to detect viruses that go across my
> iptables firewalls.

There isn't currently a tool to perform virus scanning of iptables data. The closest match would be snort-inline, which can locate some virus signatures. Inline scanning of anything can have adverse effects on the transmission. You'll quickly find that detailed scans require a lot of CPU usage. Just for monitoring network throughput with ntop, I'd max out my P4 CPU when backups kicked off.

The better approach would be to implement transparent proxies of pertinent services like SMTP and use virus scanning addons for them. You may also look at the 'l7-filter' project or the 'string' extension to see if their implementation suits your needs.
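One way to script the "detect a scanning LAN client, block its MAC, notify me" idea from the top of the thread, added here as an example that is not code from the list, from netfilter or from either poster. It assumes the firewall already logs new forwarded connections with the LOG target (the `FWD:` prefix and the `eth1` LAN interface are assumptions), and the log lines it parses are constructed samples.

```sh
#!/bin/sh
# Added example for the thread above, not code from the list or from netfilter.
# Assumes the firewall logs new forwarded connections from the LAN side, e.g.
#   iptables -A FORWARD -i eth1 -m state --state NEW -j LOG --log-prefix "FWD: "
# and that those kernel log lines are piped in on stdin. LAN_IF is an assumption.
LAN_IF=eth1

# Constructed sample lines in iptables LOG format. In the MAC= field the first
# six octets are the destination MAC, the next six the source MAC (the client)
# and the last two the ethertype, so the client address is octets 7-12.
SAMPLE_LOG='FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40001 DPT=22
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40002 DPT=23
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40003 DPT=25
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40004 DPT=80
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40005 DPT=443
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40006 DPT=22
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:09:08:00 SRC=10.0.0.6 DST=10.0.1.9 PROTO=TCP SPT=50001 DPT=80
FWD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:09:08:00 SRC=10.0.0.6 DST=10.0.1.9 PROTO=TCP SPT=50002 DPT=443'

# scan_suspects THRESHOLD: read log lines on stdin and print "mac count" for
# every source MAC that touched more than THRESHOLD distinct destination
# ports. Repeated hits on the same port count once, so a busy but normal
# client (many connections to one service) is not flagged.
scan_suspects() {
    awk -v thr="$1" '
    {
        mac = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^MAC=/) mac = substr($i, 23, 17)  # skip "MAC=" + dst MAC + ":"
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (mac != "" && dpt != "" && !seen[mac, dpt]++) ports[mac]++
    }
    END { for (m in ports) if (ports[m] > thr) print m, ports[m] }'
}

# block_rule MAC: print the iptables rule that drops further forwarded traffic
# from that client. The mac match only works on the interface the frame came
# in on, hence -i "$LAN_IF". Printed, not executed, so this stays a dry run.
block_rule() {
    printf 'iptables -I FORWARD -i %s -m mac --mac-source %s -j DROP\n' "$LAN_IF" "$1"
}

# Dry run over the sample: more than 3 distinct ports flags the first client
# only. Replace the printf with mail(1) or logger(1) for the notification step.
printf '%s\n' "$SAMPLE_LOG" | scan_suspects 3 | while read -r mac n; do
    block_rule "$mac"
    printf 'NOTIFY: %s hit %s distinct ports\n' "$mac" "$n"
done
```

Feed it real lines with something like `tail -F /var/log/kern.log | grep 'FWD: '` once the threshold suits your network; the MAC-based rule only stops a client on the same segment as the firewall, since a router in between rewrites the source MAC.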