Linux Query wrote: > Daniel Chemko <dchemko@xxxxxxxxxx> wrote: > >> Or even better, use Snort-inline to detect infiltrations and use its >> built-in response engine to drop the packets. > > Didn't know about snort. Does it support string matching ? > Snrot's generally used for Intrusion detections, but it is basically one big string matching program a lot like l7filter that you mentioned in an earlier post. I couldn't say which one is better suited for your needs. Snort-inline does take some hand-holding to get started, but I believe that more intrusions will be caught through snort than you adding rules adhoc to l7filter.
