You can use snort to do this using plugins from the /contrib directory.
Yet this is considered dangerous in many ways since your own software
could be used as a vector to DoS you.
You can find out about it in sections 5.6 and 5.7 of the snort FAQ.
http://www.snort.org/docs/FAQ.txt
Good luck.
Erik
On Thu, 2004-05-27 at 12:08, krunk wrote:
> I'm attempting to create iptable rules given a log output, but I'm
> having trouble finding any good documentation on the topic. I've tried
> doing a direct translation myself, but being an iptable newbie haven't
> been too successful.
>
> For example, here is a drop log from an attempted usenet connection
> from one of my clients:
>
> May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=$INTIP
> DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF
> PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0
>
> My goal is to make an interactive program which will create exact,
> meaningful rules from log entries.
>
> cheers,
>
> james
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
>
Received on 05/27/04
This archive was generated by hypermail 2.2.0 : 12/19/08 EST
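
An added example, not part of the original thread: a sketch of the log-to-rule translation asked about above. It parses one netfilter LOG line and returns a candidate iptables command as text for a person to review, never executing it, in line with the DoS caution in the reply. The function names, the sample source address, and the assumption that the line was logged from the filter table (so IN/OUT determine the chain) are mine.

```python
import ipaddress
import re
import shlex

# Constructed sample modelled on the log entry in the post; the SRC address
# stands in for the poster's $INTIP placeholder.
SAMPLE = ("May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=192.168.1.10 "
          "DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF "
          "PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0")

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
IFACE = re.compile(r"^[A-Za-z0-9._-]{1,15}$")
PROTOS = {"TCP": "tcp", "UDP": "udp", "ICMP": "icmp"}

def parse_log(line):
    """Return the KEY=value fields and the bare TCP flags of a LOG line."""
    fields = dict(FIELD.findall(line))
    flags = {t for t in line.split() if t in {"SYN", "ACK", "FIN", "RST"}}
    return fields, flags

def build_rule(line, target):
    """Build one candidate iptables command for review; nothing is executed."""
    if target not in ("ACCEPT", "DROP", "REJECT"):
        raise ValueError("unsupported target")
    fields, flags = parse_log(line)
    proto = PROTOS[fields["PROTO"]]              # KeyError on anything else
    src = ipaddress.IPv4Address(fields["SRC"])   # ValueError on a forged value
    dst = ipaddress.IPv4Address(fields["DST"])
    # Assumption: filter table. IN and OUT both set means a routed packet.
    inn, out = fields.get("IN", ""), fields.get("OUT", "")
    chain = "FORWARD" if inn and out else ("INPUT" if inn else "OUTPUT")
    args = ["iptables", "-A", chain]
    for opt, iface in (("-i", inn), ("-o", out)):
        if iface:
            if not IFACE.match(iface):
                raise ValueError(f"bad interface name: {iface!r}")
            args += [opt, iface]
    args += ["-p", proto, "-s", str(src), "-d", str(dst)]
    if proto in ("tcp", "udp"):
        dport = int(fields["DPT"])
        if not 0 < dport < 65536:
            raise ValueError("port out of range")
        args += ["--dport", str(dport)]  # SPT is ephemeral, so it is not matched
    if proto == "tcp" and "SYN" in flags and "ACK" not in flags:
        args.append("--syn")
    return " ".join(shlex.quote(a) for a in args + ["-j", target])

if __name__ == "__main__":
    print(build_rule(SAMPLE, "ACCEPT"))
```

Every value taken from the log is validated before it reaches the command string, since syslog content is not a trusted input.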