How to drop packets in a custom Intrusion Detection System
Posted by tzoukos on Server Fault
Published on 2011-03-14T16:56:04Z
Indexed on 2011/03/15 0:12 UTC
Hi there,
I'm trying to build a custom Intrusion Detection and Prevention System (IDS/IPS). I found a great utility named ROPE which can scan the packet payload and drop the packet that doesn't follow the rules set by a script. This serves my purpose completely, since what I want to do is check the payload for some specific text and then drop it or allow it (the string feature in iptables wouldn't do me any good, because I want to check more than one string in the payload, like usernames, IDs, etc.). However, ROPE is really old and despite my many attempts I haven't managed to install it properly.
Do you know any similar program that will help me drop packets in iptables depending on the payload?
Any suggestion is greatly appreciated :)
© Server Fault or respective owner