IDS mailing list archives
Re: x-forwarded-for an IDS capability
From: Seth Hall <hall.692 () osu edu>
Date: Wed, 29 Apr 2009 13:56:34 -0400
On Apr 29, 2009, at 12:27 AM, James wrote:
Does anyone know of an IDS vendor/or opensource product that has the capability of associating an ip address in an x-forwarded-for http header with an IDS event ? This includes events that fire on a download as well so there would need to be some kind of internal http state management.
That would be very straight forward to implement in Bro since it's possible to build whatever arbitrary state you'd like to build in Bro policy scripts. It would probably be an afternoon project for someone familiar with Bro scripting.
.Seth --- Seth Hall Network Security - Office of the CIO The Ohio State University Phone: 614-292-9721
Current thread:
- x-forwarded-for an IDS capability James (Apr 29)
- RE: x-forwarded-for an IDS capability Hellman, Matthew (Apr 29)
- Message not available
- RE: x-forwarded-for an IDS capability Hellman, Matthew (Apr 30)
- Re: x-forwarded-for an IDS capability Arian J. Evans (Apr 30)
- Message not available
- Message not available
- Fwd: x-forwarded-for an IDS capability Arian J. Evans (Apr 30)
- RE: x-forwarded-for an IDS capability Hellman, Matthew (Apr 29)