IDS mailing list archives

Re: x-forwarded-for an IDS capability


From: Seth Hall <hall.692 () osu edu>
Date: Wed, 29 Apr 2009 13:56:34 -0400


On Apr 29, 2009, at 12:27 AM, James wrote:

Does anyone know of an IDS vendor or open-source product that has the capability of associating an IP address in an X-Forwarded-For HTTP header with an IDS event? This includes events that fire on a download as well, so there would need to be some kind of internal HTTP state management.

That would be very straightforward to implement in Bro, since it's possible to build whatever arbitrary state you'd like in Bro policy scripts. It would probably be an afternoon project for someone familiar with Bro scripting.

  .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
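
The state management discussed in this exchange, sketched as an added example in Python (not code from the original post and not a Bro policy script): the X-Forwarded-For chain is remembered per request on each connection, so an alert that fires on the response side, such as a download, can be tagged with it. The class, its method names, the alert dictionary layout and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class XffTracker:
    """Per-connection HTTP state: remembers X-Forwarded-For per request so an
    alert on the matching response (e.g. a download) can be annotated."""

    def __init__(self):
        self.pending = defaultdict(deque)  # conn -> XFF chains of unanswered requests
        self.current = {}                  # conn -> chain of the transaction in progress

    def on_request(self, conn, headers):
        # Several XFF headers may appear; each may hold a comma-separated list.
        chain = [ip.strip() for name, value in headers
                 if name.lower() == "x-forwarded-for"
                 for ip in value.split(",") if ip.strip()]
        self.pending[conn].append(chain)
        self.current[conn] = chain

    def on_response(self, conn):
        # Responses arrive in request order, so pop the oldest pending request.
        queue = self.pending.get(conn)
        self.current[conn] = queue.popleft() if queue else []

    def on_close(self, conn):
        # Drop state with the connection so the tables do not grow without bound.
        self.pending.pop(conn, None)
        self.current.pop(conn, None)

    def annotate(self, alert):
        chain = self.current.get(alert["conn"], [])
        # The header is sender-controlled: report the whole chain, not one address.
        return dict(alert, xff_chain=chain, xff_client=chain[0] if chain else None)

def demo():
    """Two pipelined requests (constructed sample data), each alerting on its response."""
    t = XffTracker()
    conn = ("10.0.0.5", 41000, "192.0.2.10", 80)  # constructed proxy -> server flow
    t.on_request(conn, [("Host", "example.test"),
                        ("X-Forwarded-For", "172.16.4.20, 10.0.0.9")])
    t.on_request(conn, [("Host", "example.test"), ("x-forwarded-for", "172.16.7.77")])
    t.on_response(conn)
    first = t.annotate({"sid": 1, "msg": "executable download", "conn": conn})
    t.on_response(conn)
    second = t.annotate({"sid": 1, "msg": "executable download", "conn": conn})
    return first, second
```

Because any hop can write the header, only the entries appended by proxies you operate should be treated as reliable when triaging the annotated alert.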



