RE: ipt_string

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am learning things :) Thanks ! I will try to learn
about snort and mod_security as soon as I can.

regards,
jim.


David Cary Hart <DCH@xxxxxxxxxxx> wrote:On Mon,
2004-09-20 at 17:43, Daniel Chemko wrote:
> Linux Query wrote:
> > Didn't know about snort. Does it support string
matching ?
> > 
> Snrot's generally used for Intrusion detections, but
it is basically one
> big string matching program a lot like l7filter that
you mentioned in an
> earlier post. I couldn't say which one is better
suoted for your needs.
> 
> Snort-inline does take some hand-holding to get
started, but I believe
> that more intrusions will be caught through snort
than you adding rules
> adhoc to l7filter. 

You might also want to take a look at mod_security for
HTTPD protection.
This is a string matcher that allows your to redirect
or drop web
attacks independent of IPT. You can even convert snort
rules.

BTW, one approach with Snort is to use Swatch to
execute rule scripts
for IPT.






	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux