Re: How to filter based on application protocol being used

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Srikant Tangirala <srikant.bsd@...>

Cc: <misc@...>

Subject: Re: How to filter based on application protocol being used

Date: Friday, May 9, 2008 - 7:40 am

On Fri, 9 May 2008 10:40:18 +0530
"Srikant Tangirala" <srikant.bsd@gmail.com> wrote:

quoted text> Hello All
> 
> there some way to ensure that traffic to port 53
> is in fact not from a program like iodine and what
> goes to port 80 is only HTTP/HTTPS, and so on
> for all the common protocols? With my little bit
> of knowledge what I figure is that we need some
> piece of software(s) which understands each protocol
> thoroughly, can look at raw packets in real-time
> 
> Any help will be great. Thanks in advance.
> 
> Srikant Tangirala.

Hello All,

You can do it using open-source software as "Bro" (http://bro-ids.org),
it's an open-source, Unix-based Network Intrusion Detection
System (NIDS) that passively monitors network traffic and looks for
suspicious activity.
"Bro" has the "DPD" (dynamic protocol detection) feature and can 
reports (confirmed) uses of protocols on non-standard ports.

Please see : http://www.icir.org/robin/papers/usenix06.pdf for more
informations about this.

Last thing, it builds and works perfectly on OpenBSD. :-)

With regards,

Jean-Philippe.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 1:10 am)

Re: How to filter based on application protocol being used, jean-philippe luiggi, (Fri May 9, 7:40 am)

Re: How to filter based on application protocol being used, Marcus Andree, (Mon May 12, 7:44 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 9:35 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 2:25 am)

Re: How to filter based on application protocol being used, Johan Fredin, (Fri May 9, 4:51 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 2:53 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 3:06 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 1:58 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
David Newall	Re: Slow DOWN, please!!!
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Fred .	Please add ZFS support (from GPL sources)
Andi Kleen	Please pull ACPI updates
git:
Peter Stahlir	Git as a filesystem
linux	[DRAFT] Branching and merging with git
Jakub Narebski	[PATCH 2/n] gitweb: Use '&iquot;' instead of '?' in esc_path
Junio C Hamano	Re: irc usage..
openbsd-misc:
Theo de Raadt	That whole "Linux stealing our code" thing
Koh Choon Lin	OBSD on MacBook
Floor Terra	Re: bcw(4) is gone
William Boshuck	Re: Real men don't attack straw men
linux-activists:
Jim Winstead Jr.	Re: Root Disk/Book Disk Compatibility
Desmond A. Kirkpatrick	ATI GUP bug with Linux 'tickler'
David C. Niemi	Re: rsh: "rcmd: socket: Permission denied"
Theodore Ts'o	Re: help again and again

Latest forum posts


problem with 2.6 kernel driver for a USB MAG Stripe Reader as HID device.	6 hours ago	Linux kernel
get_user_pages failure	8 hours ago	Linux kernel
Reading linux kernel	9 hours ago	Linux kernel
High level of Seagate 2.5" SATA drives failing	15 hours ago	Hardware
Resetting the bios password for Toshiba Laptop	19 hours ago	Hardware
Linux 2.6.22 slowly RUNS OUT OF LOWMEM	21 hours ago	Linux kernel
Questions about modules	1 day ago	Linux kernel
KDB	1 day ago	Linux kernel
Writing a framebuffer driver for an embedded spi interface (!!)	1 day ago	Linux kernel
System with alot of memory doing nothing, locks up after OOM-Killer	2 days ago	Linux kernel

Show all forums...

Colocation donated by:

Online users

Syndicate