In fact, the first go round I had with this project, I used a program called udpflood.exe to construct a UDP packet with a password in the payload. In theory, you could write a rule that detects any old packet and have it run the script. All other packets destined for that port will be silently dropped, as you can test for yourself at the end of the project by running a firewall test from the Shields Up application at Steve Gibson’s GRC web site. The end result is, you will have a specific firewall entry in your network gateway that will only allow the IP address you are coming from to connect to the port your web site is hosted on (and I say web site, but in theory, it could be any service). ![]() The Aanval action manager (or swatch) will be configured to watch for this alert, and will run a custom written script that will connect from the second, internally facing, interface on the Snort NIDS to the internal interface of the Untangle Gateway and update the iptables firewall to allow (ONLY) the source of the tripped signatures through. We will write custom rules that the Snort NIDS will listen for when these rules are matched, Snort will log an alert.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |