Hello list!

Sorry for posting this to both, however I wasn't sure which it applied to.

I'm looking at creating an intrusion detection system, similar to portsentry, however using bpf/tcpdump to monitor all traffic, without needing to listen on those ports. It will be run on a border router, and as such will need to check for incoming packets destined for other machines too, and blackhole/add ipfw rules as needed. Are there any tools like this currently available, or a number of tools I can put together to create something like this?

--
With thanks,
Joe Holden
Freelance Network Engineer / Consultant
FreeBSD Port Maintainer
http://www.joeholden.co.uk
Pub Key: http://www.joeholden.co.uk/pubkey.asc
Contact: Finger me!

