On Fri, 9 May 2008 10:40:18 +0530
"Srikant Tangirala" <[EMAIL PROTECTED]> wrote:

> Hello All
> 
> there some way to ensure that traffic to port 53
> is in fact not from a program like iodine and what
> goes to port 80 is only HTTP/HTTPS, and so on
> for all the common protocols? With my little bit
> of knowledge what I figure is that we need some
> piece of software(s) which understands each protocol
> thoroughly, can look at raw packets in real-time
> 
> Any help will be great. Thanks in advance.
> 
> Srikant Tangirala.

Hello All,

You can do it using open-source software such as "Bro" (http://bro-ids.org),
an open-source, Unix-based Network Intrusion Detection
System (NIDS) that passively monitors network traffic and looks for
suspicious activity.
"Bro" has the "DPD" (dynamic protocol detection) feature and can
report (confirmed) uses of protocols on non-standard ports.

Please see: http://www.icir.org/robin/papers/usenix06.pdf for more
information about this.

Last thing, it builds and works perfectly on OpenBSD. :-)

With regards,

Jean-Philippe.
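The principle behind DPD, as an added illustration that is not part of the thread or of Bro: decide what protocol a payload speaks from its grammar, then compare with what the destination port promises. The sample payloads below are constructed, not captured traffic, and the checks are deliberately minimal (a tunnel such as iodine that emits well-formed DNS passes a header check and needs volume and entropy heuristics on top).

```python
import struct

# Constructed samples: a DNS A query for example.com, an HTTP request, and zero bytes.
DNS_QUERY = (
    b"\x12\x34" b"\x01\x00"                    # txid, flags (query, RD)
    b"\x00\x01\x00\x00\x00\x00\x00\x00"        # QDCOUNT=1, AN/NS/AR=0
    b"\x07example\x03com\x00" b"\x00\x01\x00\x01"  # QNAME, QTYPE=A, QCLASS=IN
)
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
JUNK = b"\x00" * 12
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def looks_like_dns(payload):
    """Sanity-check the DNS header and walk the labels of the question section."""
    if len(payload) < 12:
        return False
    _txid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x0040:                       # reserved Z bit must be zero
        return False
    if qd == 0 and not (flags & 0x8000):     # a query carrying no question is bogus
        return False
    pos = 12
    for _ in range(qd):
        while True:
            if pos >= len(payload):
                return False
            length = payload[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:                # compression pointer occupies one more byte
                pos += 1
                break
            if length > 63:                  # labels are limited to 63 octets
                return False
            pos += length
        pos += 4                             # QTYPE + QCLASS
        if pos > len(payload):
            return False
    return True

def looks_like_http(payload):
    """Require a request line of the form METHOD SP target SP HTTP/1.x CRLF."""
    line, sep, _rest = payload.partition(b"\r\n")
    if not sep or not line.startswith(HTTP_METHODS):
        return False
    parts = line.split(b" ")
    return len(parts) == 3 and parts[2].startswith(b"HTTP/1.")

EXPECTED = {53: looks_like_dns, 80: looks_like_http}   # port -> protocol it should carry

def classify(dst_port, payload):
    """'ok' if the payload speaks the port's protocol, 'mismatch' if not, 'unknown' if unpoliced."""
    checker = EXPECTED.get(dst_port)
    if checker is None:
        return "unknown"
    return "ok" if checker(payload) else "mismatch"
```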
