On Mon, 2004-09-20 at 17:43, Daniel Chemko wrote: > Linux Query wrote: > > Didn't know about snort. Does it support string matching ? > > > Snrot's generally used for Intrusion detections, but it is basically one > big string matching program a lot like l7filter that you mentioned in an > earlier post. I couldn't say which one is better suoted for your needs. > > Snort-inline does take some hand-holding to get started, but I believe > that more intrusions will be caught through snort than you adding rules > adhoc to l7filter. You might also want to take a look at mod_security for HTTPD protection. This is a string matcher that allows your to redirect or drop web attacks independent of IPT. You can even convert snort rules. BTW, one approach with Snort is to use Swatch to execute rule scripts for IPT.
