IPTables with ip_queue Enabled
IPTables can be downloaded for free from http://www.netfilter.org. IPTables
is one of the most widely used stateful firewalls. It has a feature
called ip_queue, which is used in deploying an IPS. If ip_queue is not
available, it has to be enabled and the kernel has to be recompiled.
Snort_Inline is an inline, signature-based intrusion detection system.
It is one of the most versatile detection systems available in the
open source world. It is a modified version of Snort.
Snort_inline is a pattern-matching IDS and hence requires the latest
database of signatures. This signature database, though made for Snort,
can be adapted for snort_inline with minor modifications.
Hence the convert-IPS script surfaced to edit the rules for compatibility.
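As an added illustration (this is not the convert-IPS script and not code from the original page), the Python below rewrites the `alert` action of active Snort rules to snort_inline's `drop` action, while leaving commented-out rules, non-alert rules and an exclusion list of SIDs untouched. That this action swap is the modification needed is an assumption; the sample rules, SIDs and function names are constructed for the example.

```python
import re

# A Snort rule starts with an action keyword; snort_inline adds
# drop / sdrop / reject on top of stock Snort's alert / log / pass.
RULE_RE = re.compile(r'^(\s*)(alert)(\s+(?:tcp|udp|icmp|ip)\s+.*)$', re.DOTALL)
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = '''\
# constructed sample rule file
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:1;)
#alert tcp any any -> any 21 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE dns test"; \\
    content:"test"; sid:1000003; rev:1;)
log icmp any any -> any any (msg:"EXAMPLE log only"; sid:1000004; rev:1;)
'''

def logical_lines(text):
    """Join backslash-continued lines so each rule is handled as one unit."""
    buf = ''
    for line in text.splitlines():
        if line.rstrip().endswith('\\'):
            buf += line.rstrip()[:-1]
        else:
            yield buf + line
            buf = ''
    if buf:
        yield buf

def convert_rules(text, action='drop', keep_alert_sids=()):
    """Rewrite active 'alert' rules to `action`; return (new_text, changed_sids)."""
    out, changed = [], []
    for line in logical_lines(text):
        m = RULE_RE.match(line)
        sid = SID_RE.search(line)
        sid = int(sid.group(1)) if sid else None
        # Commented-out rules and non-alert actions never match RULE_RE.
        if m and sid not in keep_alert_sids:
            line = m.group(1) + action + m.group(3)
            changed.append(sid)
        out.append(line)
    return '\n'.join(out) + '\n', changed

if __name__ == '__main__':
    converted, sids = convert_rules(SAMPLE_RULES, keep_alert_sids={1000003})
    print(converted)
    print('converted sids:', sids)
```

Keeping noisy or unverified signatures in `keep_alert_sids` lets them continue to alert without blocking traffic while they are being tuned.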
July 15, 2003 20:09