Best option I see here is to dup-to packets to an interface with an IDS
listening and give it the ability to add IP addresses to a blacklist and
flush all states associated with them.
PF is a kernel space item, and you want to keep this as simple as possible
to minimize bugs. Leave complex stuff like

i highly doubt that they would add any sort of layer 7/string checking
capability to pf. it's completely against its design
that's just not going to happen

i am not sure i am right but you are not in the good layer, you want snort
or something similar to do that.
On Fri, Jan 25, 2013 at 3:03 PM, Todd wrote:
> hi,
>
> not sure this is the correct place to ask but i wanted to know if the
> possibility of a new pf rule had been thought of?
>
> the co

hi,
not sure this is the correct place to ask but i wanted to know if the
possibility of a new pf rule had been thought of?
the concept i had in mind would be to filter packets bound for a port that
contained a she! or similar script header?
my thought was trying to add a way to check or prev