Enhancing Inline IPS Performance with Kernel String Matching

By secgeeks - Posted on June 10th, 2007

125

vote

The iptables QUEUE and NFQUEUE targets are used by both open source and commercial Intrusion Prevention Systems. These targets allow a userspace process (the IPS in this case) to acquire packet data from the Linux kernel via a netlink socket and set verdicts on whether packets should be forwarded only after the IPS has sent the packets through its detection engine. This can provide a effective means from protecting other systems from attack (subject to the usual concerns over false positives).

Continue reading here....

Bookmark/Search this post with:

Similar entries

Recent blog posts

Newly Popular

Drupalit monthly

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Problem solved!!!!
30 weeks 5 days ago
New version here
33 weeks 2 days ago
thanks for sharing.
1 year 2 weeks ago
links
1 year 2 weeks ago
Link to preplay
1 year 2 weeks ago
so now you are on linkedin
1 year 18 weeks ago
Outlook Email search tool
1 year 34 weeks ago
nice tool..
2 years 25 weeks ago
Preplay for windows
2 years 26 weeks ago
yeah,foxit is god
2 years 28 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 6 guests online.

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Fake antivirus removal instructions

Partners

www.techmantras.com
Play Free Bingo at WikiBingo.co.uk
Find the latest Scratch Cards Games
Play bingo with no commitment-bingo winner.
Rent Sell Property
Post your Classified Ads for free
add your link here..