[rbak-nsp] IDS in SEOS
Marcin Kuczera
marcin at leon.pl
Mon Jun 20 10:05:08 EDT 2011
Hello,
has any of you tried to create IDS functionality (or a subset of IDS
functions) in SEOS?
I'm looking for something like:
- if match condition, then accept and log to external syslog server
- match condition - i.e. syn to tcp port 25
As I see in the documentation, it should be possible to mirror this traffic
to some circuit, and then I could do postprocessing on some external
Linux/BSD server.
This looks like a solution with less XCRP load.
But maybe you have some hints/experience?
I need to detect spammers and unwanted DHCP servers.
Regards,
Marcin
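
One way the post-processing on the external Linux/BSD host could look, as an added example that is not part of the original post and is not SEOS configuration. It assumes the mirrored traffic is available as raw Ethernet frames; the DHCP allowlist address, the SYN threshold, the function names and the sample frames are all constructed for illustration.

```python
import struct
from collections import Counter

ALLOWED_DHCP_SERVERS = {"192.0.2.1"}  # assumption: the only legitimate DHCP server
SYN_THRESHOLD = 3                     # assumption: SYNs to tcp/25 per capture batch

def classify(frame):
    """Return ("smtp_syn", src), ("dhcp_reply", src) or None for one Ethernet frame."""
    off = 18 if frame[12:14] == b"\x81\x00" else 14      # skip one 802.1Q tag
    if len(frame) < off + 20 or frame[off - 2:off] != b"\x08\x00" or frame[off] >> 4 != 4:
        return None                                      # truncated or not IPv4
    ihl = (frame[off] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    if ihl < 20 or frag_offset:
        return None                                      # malformed, or later fragment
    proto, src = frame[off + 9], ".".join(str(b) for b in frame[off + 12:off + 16])
    l4 = frame[off + ihl:]
    if proto == 6 and len(l4) >= 14:
        dport = struct.unpack("!H", l4[2:4])[0]
        if dport == 25 and (l4[13] & 0x12) == 0x02:      # SYN set, ACK clear
            return ("smtp_syn", src)
    elif proto == 17 and len(l4) >= 9:
        sport = struct.unpack("!H", l4[0:2])[0]
        if sport == 67 and l4[8] == 2:                   # BOOTP op 2: reply from a server
            return ("dhcp_reply", src)
    return None

def analyze(frames, syn_threshold=SYN_THRESHOLD):
    """Summarise one batch: heavy tcp/25 SYN sources and non-allowlisted DHCP servers."""
    syns, rogue = Counter(), set()
    for kind, src in filter(None, map(classify, frames)):
        if kind == "smtp_syn":
            syns[src] += 1
        elif src not in ALLOWED_DHCP_SERVERS:
            rogue.add(src)
    return {"smtp_syn_sources": sorted(ip for ip, n in syns.items() if n >= syn_threshold),
            "rogue_dhcp_servers": sorted(rogue)}

# Constructed test frames (documentation addresses, zeroed MACs and checksums).
def build_frame(src, proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes([198, 51, 100, 9]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4
def build_syn(src, dport):
    return build_frame(src, 6, struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, 0x02, 8192, 0, 0))
def build_dhcp_reply(src):
    return build_frame(src, 17, struct.pack("!HHHH", 67, 68, 9, 0) + b"\x02")

SAMPLE = [build_syn("203.0.113.5", 25)] * 4 + [build_syn("203.0.113.6", 25), build_syn("203.0.113.5", 80),
          build_dhcp_reply("192.0.2.1"), build_dhcp_reply("203.0.113.77")]
```

The dictionary returned by `analyze(SAMPLE)` can be forwarded to a remote syslog server with Python's `logging.handlers.SysLogHandler`, which keeps the matching and logging off the router itself.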