Network based Intrusion Detection System

From Atomicorp Wiki

ASL also includes a high-speed, network-based intrusion prevention system.

Current Features

Blocks Shellshock attacks on non-HTTP services (the WAF blocks Shellshock attacks on HTTP services)

Blocks Heartbleed attacks

Blocks DNS amplification attacks

Blocks NTP amplification attacks

DNS amplification attacks

You can also define DNS queries to block, which helps prevent DNS amplification attacks. Custom queries are defined in this file:

/etc/asl/firewall/custom-domains

The format for this file is:

domain,type

For example:

.,ANY

One entry per line.
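To show what a `domain,type` entry refers to inside a DNS query, the following added example (not ASL's own code) parses entries in that format and checks the question section of a raw DNS message against them. The function names, the small QTYPES table, and the exact, case-insensitive name match are assumptions; the page does not describe how ASL evaluates the entries.

```python
import struct

# DNS QTYPE numbers for the record types this example accepts (assumed subset).
QTYPES = {"A": 1, "NS": 2, "TXT": 16, "AAAA": 28, "ANY": 255}

def normalize(name):
    """Lower-case and drop the trailing dot; the root zone stays '.'."""
    return name.lower().rstrip(".") or "."

def parse_rules(text):
    """Parse 'domain,type' lines, one entry per line, into (name, qtype) pairs."""
    rules = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        domain, sep, rtype = line.rpartition(",")
        if not sep or not domain or rtype.upper() not in QTYPES:
            raise ValueError(f"line {lineno}: expected domain,type, got {line!r}")
        rules.add((normalize(domain), QTYPES[rtype.upper()]))
    return rules

def question(packet):
    """Return (qname, qtype) of the first question in a raw DNS message."""
    try:
        if struct.unpack("!H", packet[4:6])[0] < 1:
            raise ValueError("no question section")
        labels, pos = [], 12  # the question starts after the 12-byte header
        while packet[pos] != 0:
            length = packet[pos]
            if length > 63:
                raise ValueError("compressed or invalid label in question")
            labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
        qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return normalize(".".join(labels)), qtype

def is_blocked(packet, rules):
    """True when the query's name and type match an entry (assumed exact match)."""
    return question(packet) in rules

def build_query(name, qtype):
    """Constructed sample input: a one-question DNS query for name/qtype."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l)
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)
```

With the entry `.,ANY` loaded, `is_blocked(build_query(".", QTYPES["ANY"]), rules)` is true, while an `A` query for the root or an `ANY` query for another name is not matched.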
