Hi,

OpenBSD rocks and I have donated to this great cause :-) Hope you can help.

So I have the following setup:

              DMZ
               |
               |
    LAN-----OpenBSD/PF/Snort?------Internet

So in a nutshell, I want to drop packets (not sessions) that match an IDS signature after PF filtering. So for example (PF is a Layer 3 filter):

1. A PF rule allows SMTP to the DMZ from the Internet
2. SMTP traffic is permitted by PF
3. IDS detects an attack packet that would be permitted by the above rule
4. System (Snort) drops only the matching attack packets

So AFAIK flexresp, snortsam, snort2pf and guardian are out. Snort has to be inline, which it is, so can I drop single packets after PF filtering that match a signature?

Is this available currently? If so, how do I go about it? Can something be put together?

Thanks for your time.

Cheers
Richard