LinuxQuestions.org


bkankur 02-17-2005 07:06 PM

Virus Scanner at Packet LEVEL
 
Hello friends,

I am creating a firewall through IPTABLES and I also want to add the feature of anti-virus, so are there any suggestions how I can do it? So that I can scan the packets affected by viruses and they can be removed.

Thanks for the same.
bye and have a nice time,
Ankur.
om shanti.

Mara 02-26-2005 03:17 PM

I'm not sure if it's a good idea. The thing is that viruses (standard meaning, not worms and attack tools) are hidden in executables (or different file types). It means that to find one you need to know the file type and be able to analyze it. In your case - rebuild the data from packets and scan it.

When it comes to worms and such things, it's much easier. Block all unused ports. Write rules that don't accept strange addresses, strange flag combinations etc.

R4z0r 02-27-2005 10:56 AM

It's not really possible to do that. The packets themselves aren't viruses, only when they are re-assembled at a higher level. You can scan them then but, of course, that's not what you're asking.

If you're trying to block attacks at the network level (Ping of death etc.) then you can use iptables.
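
The point made in both replies (the data has to be rebuilt from the packets before it can be scanned), as an added example that is not part of the original thread. The signature, the sample "file" and all function names are constructed for illustration; segments are modelled as (sequence number, payload) pairs and sequence-number wraparound is ignored.

```python
# Added example: per-packet matching vs. matching on the reassembled stream.
# SIGNATURE and SAMPLE_FILE are constructed test data, not real malware.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
SAMPLE_FILE = b"header-bytes " + SIGNATURE + b" trailer"

def make_segments(data, size, isn):
    """Split data into (sequence_number, payload) pairs of at most `size` bytes."""
    return [(isn + i, data[i:i + size]) for i in range(0, len(data), size)]

def scan_per_packet(segments):
    """What a packet filter sees: each payload checked in isolation."""
    return any(SIGNATURE in payload for _seq, payload in segments)

def reassemble(segments):
    """Rebuild the byte stream from segments in any arrival order.

    Retransmitted or overlapping bytes are dropped (first copy wins) and
    reassembly stops at the first gap, because data after a hole cannot
    be placed in the stream yet.
    """
    if not segments:
        return b""
    ordered = sorted(segments, key=lambda s: s[0])
    base = ordered[0][0]
    stream = bytearray()
    for seq, payload in ordered:
        offset = seq - base
        if offset > len(stream):                      # missing segment
            break
        stream.extend(payload[len(stream) - offset:])  # skip bytes already held
    return bytes(stream)

def scan_stream(segments):
    """What a proxy or content scanner sees: the rebuilt data."""
    return SIGNATURE in reassemble(segments)

if __name__ == "__main__":
    # 16-byte payloads are shorter than the signature, so no single
    # packet can ever contain it; delivery order is reversed on purpose.
    segs = list(reversed(make_segments(SAMPLE_FILE, 16, 1000)))
    print("per-packet match:", scan_per_packet(segs))
    print("reassembled match:", scan_stream(segs))
```
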

