EFW Support
Topic: Inspect incoming WAN packets for undesired content/text (Read 8269 times)
sagor (Jr. Member, Posts: 2) « on: Wednesday 07 July 2010, 09:19:42 am »
Is there a way to use Endian to inspect incoming WAN packets for unwanted text, and ban the source IP?
For example, some hacker bot trying to connect to a web site, trying to connect to "//phpadmin/admin.php". I'd like to trap that packet and blacklist the source IP automatically.
I can do this somewhat with a text-based firewall (Mikrotik) by flagging it in an early "mangle" stage, then having the firewall blacklist the source IP based on the flag that is triggered by this text.
I've just loaded Endian, hoping it may do the same, somehow, but don't see any menu option to do this function.
Am I dreaming that higher end firewalls don't do this function? Does it take too much compute power?
Thanks
PS: The web server is on the LAN side, on a separate PC. Just want to use Endian as an intelligent firewall/router
PPS: I see Snort has a lot of rules, but how does one add a simple "text" probe to these? Does Snort use a lot of resources? (I assume so...)
mrkroket (Hero Member, Posts: 495) « Reply #1 on: Thursday 08 July 2010, 01:11:24 am »
You should do it with Intrusion Prevention (=snort).
You can probably create a custom ruleset on /etc/snort/rules/custom, by adding a new file.
Check an existing ruleset to see how it works:
/etc/snort/rules/auto/emerging-web_server.rules
I never created a snort rule, so I can't help you.
mrkroket (Hero Member, Posts: 495) « Reply #2 on: Thursday 08 July 2010, 01:23:59 am »
Edited:
Use the "upload custom rules" button from the web; I think it is easier for adding your custom rules.
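As an added example (not from the thread and not an Endian or Emerging Threats file), a custom Snort 2.x rules file for the probe described in the first post could look like the following. The file name, message text and sid values are assumptions, as is the premise that `$HTTP_SERVERS` and `$HTTP_PORTS` in snort.conf cover the LAN web server.

```snort
# local-phpadmin.rules: constructed example for Snort 2.x.
# Assumptions: $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are defined in
# snort.conf, $HTTP_SERVERS includes the LAN web server, and sids 1000001 and
# 1000002 are not already in use (sids of 1000000 and above are for local rules).

# Detection only: log an alert when a request URI contains the probed path.
# uricontent matches the URI as normalized by the http_inspect preprocessor;
# nocase makes the match case-insensitive.
# threshold limits logging to one alert per source address per 60 seconds.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL phpadmin/admin.php probe"; flow:to_server,established; uricontent:"/phpadmin/admin.php"; nocase; threshold:type limit, track by_src, count 1, seconds 60; classtype:web-application-attack; sid:1000001; rev:1;)

# Prevention: the same match with the drop action, which only takes effect
# when Snort runs inline. It discards the matching packet; it does not add
# the source address to a blacklist by itself.
# Left commented out until the alert rule has been checked against real traffic.
# drop tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL phpadmin/admin.php probe (drop)"; flow:to_server,established; uricontent:"/phpadmin/admin.php"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
```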