Re: Statefull Packer Inspection against Malware attacks!

From: Greg Hennessy (me_at_privacy.net)
Date: 08/17/04


Date: Tue, 17 Aug 2004 14:37:09 +0100

On Tue, 17 Aug 2004 12:00:58 +0100, Nigel Wade <nmw@ion.le.ac.uk> wrote:

>> Would you trust SecurityFocus' opinion?
>> http://www.securityfocus.com/infocus/1531
>> If not, how about the Netfilter page itself?
>> http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.18
>
>That's almost totally useless in terms of content filtering.
>

We've tried telling him that.

If one wanted to filter and block http requests in this manner, tools like
snort-inline & snortsam would do the job just nicely.

I must confess a wee chuckle at his assertions that he's used it to block
worm traffic allegedly.

greg

-- 
Es ist mein Teil - nein 
Mein Teil - nein 
Denn das ist mein Teil - nein 
Mein Teil - nein 


Relevant Pages