On 03.06.2010 20:15, ratheesh k wrote:
> 2010/5/30 Tomáš Vlček <tomasvlcek@xxxxxxxxx>:
>>> I have implemented a firewall in my linux machine using
>>> iptables. It is able to prevent attacks and LOG just before dropping
>>> packets. Since I know a little about iptables, I could go through
>>> /var/log/messages and find out information about attacks. Is there
>>> any application which will analyze logs and give brief information
>>> to the user about the attacks?
>>>
>>> For example, suppose there was a syn flood attack; the application
>>> should analyse /var/log/messages or by some means should know
>>> about the attack and let the user know about that. If there is no
>>> application, could you give some hints on how to develop an
>>> application? Any comment is appreciated.
>> Maybe psad (Port Scan Attack Detector) is what you are looking
>> for. Check http://cipherdyne.org/psad/index.html.
>
> I went through the link. It seems to be heavy for my embedded application.
>
> My embedded box is a router with two interfaces - wan0 and lan0. I
> should get information regarding various attacks tried on lan clients.
> I have some implementation in mind (see below).
>
> 1. Is there any tool that fits my requirement, or any tool where I can do
> a little modification in the code and use it?
> 2. Is my idea feasible to implement? Is it worth implementing,
> because it is run as part of the softirq_rx kernel thread? Will it dampen
> performance?
> 3. Could I do this as part of the connection tracking module? If so, could
> you guide a little?
>

snort (snort.org) comes into my mind here. afaik it has the ability to create inline iptables rules. maybe worth a look?

best regards
mart
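A small user-space analyser of the kind asked about in this thread, added here as an example and not code from the thread, from psad or from snort: it parses the key=value lines netfilter's LOG target writes to the kernel log and reports LAN targets that received many SYN-only packets. The log prefix "WAN-DROP: ", the interface names, the sample addresses and the 50-packet threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# key=value fields netfilter's LOG target writes; the TCP flags follow RES= as bare words.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

def parse_log_line(line):
    """Return the netfilter fields of one kernel log line as a dict, or None for other lines."""
    if "SRC=" not in line or "DST=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    tail = line.split("RES=", 1)[1] if "RES=" in line else ""
    fields["FLAGS"] = frozenset(FLAG_RE.findall(tail))
    return fields

def detect_syn_flood(lines, threshold=50):
    """Map each target that received >= threshold SYN-only TCP packets to
    {"syns": count, "sources": distinct source count}, so a single noisy host
    and a distributed flood are both visible."""
    syns = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        f = parse_log_line(line)
        if f is None or f.get("PROTO") != "TCP":
            continue
        if f["FLAGS"] == frozenset({"SYN"}):   # SYN set, ACK clear: a new connection attempt
            syns[f["DST"]] += 1
            sources[f["DST"]].add(f["SRC"])
    return {dst: {"syns": n, "sources": len(sources[dst])}
            for dst, n in syns.items() if n >= threshold}

# Constructed sample lines in the shape a LOG rule with --log-prefix "WAN-DROP: " produces.
_FMT = ("Jun  3 20:15:{sec:02d} router kernel: WAN-DROP: IN=wan0 OUT=lan0 "
        "SRC={src} DST={dst} LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
        "PROTO=TCP SPT={spt} DPT=80 WINDOW=5840 RES=0x00 {flags} URGP=0")
SAMPLE_LINES = (
    [_FMT.format(sec=i % 60, src="203.0.113.5", dst="192.168.1.10", spt=40000 + i, flags="SYN")
     for i in range(60)]                                    # one host, 60 SYNs: a flood
    + [_FMT.format(sec=i, src=f"198.51.100.{i}", dst="192.168.1.20", spt=1234, flags="SYN")
       for i in range(1, 11)]                               # ten hosts, one SYN each: below threshold
    + [_FMT.format(sec=5, src="203.0.113.5", dst="192.168.1.10", spt=40001, flags="ACK SYN")]  # not SYN-only
    + ["Jun  3 20:15:07 router kernel: WAN-DROP: IN=wan0 OUT=lan0 SRC=203.0.113.9 "
       "DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=20"]
    + ["Jun  3 20:15:08 router kernel: eth0: link up"]     # unrelated kernel message
)

if __name__ == "__main__":
    for dst, info in detect_syn_flood(SAMPLE_LINES).items():
        print(f"possible SYN flood against {dst}: {info['syns']} SYNs from {info['sources']} source(s)")
```

Reading the logged lines after the fact keeps the analysis out of the packet-receive path entirely, which sidesteps the softirq performance concern raised in the thread.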