Network based Intrusion Detection System

From Atomicorp Wiki
Jump to: navigation, search

ASL also includes a high speed network based intrusion prevent system.

Current Features

Blocks shellshock attacks on non-HTTP services (the WAF blocks shellshock attacks on HTTP services)

Blocks heartbleed attacks

Blocks DNS amplification attacks

Blocks NTP amplification attacks

DNS amplification attacks

You can also define queries you want to block to DNS to help prevent DNS amplification attacks. Custom queries are defined in this file:

/etc/asl/firewall/custom-domains

The format for this file is:

domain,type

For example:

.,ANY

One entry per line.

Personal tools