View Single Post
Old 09-19-07, 02:59 PM   #6
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.
OpenWRT with iptables, explicit ingress/egress policy. SQUID proxy server on primary server. iprecorder (tcpdump w/redirection to pcap) bound to WAN interface on OpenWRT over SSH to pcap file(s) on server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing pcap with redirection to FIFO. Snort + BASE on server reading FIFO.

OSSEC-HIDS watching server, syslog-ng receive syslog messages from OpenWRT.

That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.
evilghost is offline   Reply With Quote