On Apr 29, 2009, at 12:27 AM, James wrote:
Does anyone know of an IDS vendor/or opensource product that has the capability of associating an IP address in an X-Forwarded-For HTTP header with an IDS event? This includes events that fire on a download as well so there would need to be some kind of internal HTTP state management.
That would be very straightforward to implement in Bro since it's possible to build whatever arbitrary state you'd like to build in Bro policy scripts. It would probably be an afternoon project for someone familiar with Bro scripting.
  .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
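The per-connection HTTP state discussed in this thread, as an added example that is not part of the original messages and is written in Python rather than Bro policy script. The event hooks (`on_request`, `on_response_done`, `on_close`), the alert dictionary fields and the sample addresses are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque


class XffCorrelator:
    """Keeps X-Forwarded-For per HTTP transaction so an alert on either
    direction of a connection can be tagged with the forwarded client."""

    def __init__(self):
        # conn_id -> FIFO of XFF chains for requests still awaiting a response
        self.pending = defaultdict(deque)

    def on_request(self, conn_id, headers):
        # Header names are case-insensitive; repeated headers are joined.
        values = [v for k, v in headers if k.lower() == "x-forwarded-for"]
        chain = [ip.strip() for v in values for ip in v.split(",") if ip.strip()]
        self.pending[conn_id].append(chain)

    def on_response_done(self, conn_id):
        # HTTP/1.1 responses arrive in request order: retire the oldest request.
        if self.pending.get(conn_id):
            self.pending[conn_id].popleft()

    def on_close(self, conn_id):
        self.pending.pop(conn_id, None)

    def annotate(self, alert):
        """Return a copy of the alert with the XFF chain of its transaction."""
        queue = self.pending.get(alert["conn_id"])
        out = dict(alert, xff_chain=[], xff_client=None)
        if queue:
            # Response-side alerts (e.g. a download) belong to the oldest
            # unanswered request; request-side alerts to the newest one.
            chain = queue[0] if alert["direction"] == "response" else queue[-1]
            out["xff_chain"] = chain
            # Leftmost entry is the claimed client; it is sender-supplied.
            out["xff_client"] = chain[0] if chain else None
        return out


def demo():
    # Constructed sample: two pipelined requests on one proxy connection.
    c = XffCorrelator()
    c.on_request("C1", [("Host", "example.test"), ("X-Forwarded-For", "198.51.100.7")])
    c.on_request("C1", [("x-forwarded-for", "203.0.113.9, 10.0.0.5")])
    first = c.annotate({"conn_id": "C1", "direction": "response", "sig": "download"})
    c.on_response_done("C1")
    second = c.annotate({"conn_id": "C1", "direction": "response", "sig": "download"})
    return first, second
```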
