How to drop packets in a custom Intrusion Detection System

Posted by tzoukos on Server Fault
Published on 2011-03-14T16:56:04Z

Hi there,

I'm trying to build a custom Intrusion Detection and Prevention System (IDS/IPS). I found a great utility named ROPE which can scan the packet payload and drop the packet that doesn't follow the rules set by a script. This serves my purpose completely, since what I want to do is check the payload for some specific text and then drop it or allow it (the string feature in iptables wouldn't do me any good, because I want to check more than one string in the payload, like usernames, IDs, etc.). However, ROPE is really old and despite my many attempts I haven't managed to install it properly.

Do you know any similar program that will help me drop packets in iptables depending on the payload?

Any suggestion is greatly appreciated :)
