Focus on IDS
x-forwarded-for an IDS capability Apr 29 2009 04:27AM
James (jimbob coffey gmail com) (3 replies)
Re: x-forwarded-for an IDS capability Apr 29 2009 05:56PM
Seth Hall (hall 692 osu edu)

On Apr 29, 2009, at 12:27 AM, James wrote:

> Does anyone know of an IDS vendor/or opensource product that has the
> capability of associating
> an ip address in an x-forwarded-for http header with an IDS event ?
> This includes events that fire on a download as well so there would
> need to be some
> kind of internal http state management.

That would be very straight forward to implement in Bro since it's
possible to build whatever arbitrary state you'd like to build in Bro
policy scripts. It would probably be an afternoon project for someone
familiar with Bro scripting.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

[ reply ]
Re: x-forwarded-for an IDS capability Apr 29 2009 04:00PM
Arian J. Evans (arian evans anachronic com)
RE: x-forwarded-for an IDS capability Apr 29 2009 02:55PM
Hellman, Matthew (Hellman Matthew principal com)


 

Privacy Statement
Copyright 2010, SecurityFocus