Adam Coyne wrote:
Alexey E. Suslikov wrote:
I'd like to pass or block certain packets based on an inspection
of the payload after scrubbing.
snort is your friend. check out http://www.snort.org/
As far as I have seen, snort's native blocking ability is limited to
adding firewall rules, and
On Friday, Aug 1, 2003, at 13:59 US/Pacific, Adam Coyne wrote:
I'd like to pass or block certain packets based on an inspection of
the payload after scrubbing. It might be fun if pf were able to use a
bpf-style expression like 'protocol[offset:size] = x' to create rules
which look at the data
