Stateful Packet Inspection against any kind of Malware!

beatnik beatnik at mail.gr
Wed Aug 11 21:51:05 EEST 2004


ricudis at itc.auth.gr wrote in
news:mailman.249.1092245178.316.linux-greek-users at lists.hellug.gr: 


> My clamd takes 2 msec to check a 1500-byte file against 22k
> signatures - about the typical RTT on a 10 Mbit Ethernet network. If
> we assume that you have specialized hardware for this job, you limit
> the signatures to the current viruses (I no longer care about checking
> for the PIXEL virus) and you combine it with a somewhat smart state
> machine (I am not interested in checking every packet of an mp3 or avi
> file coming from kazaa), I think you can reduce the latency to
> SOMEWHAT tolerable levels.
> 
> All of this is pure theory, of course.

So in other words you believe it can be done, in contrast to the others...

Can iptables then (with kernel > v2.4, so that it also supports 
stateful packet filtering) also be configured to check the TCP/IP 
packet (header and data portion) for a malware signature match?

In your opinion, can iptables do these 2 jobs at the same time on its 
own, without the clients that are waiting for the data hitting 
timeouts and throwing errors?

If so, would you take the trouble to paste the ruleset you would use 
in iptables to achieve it? (if you feel like it, of course)



-- 
Just because I can, doesn't mean I will.
Just because I don't, doesn't mean I can't.
Just because you say so, doesn't mean I'll change.
And above all, just because you want it, doesn't mean I care.




