14 August, 2006
Syngress Publishing has allowed me to post one of the chapters I wrote for the book "Intrusion Prevention and Active Response: Deploying Network and Host IPS". This chapter is entitled "Network Inline Data Modification" and explores the concept and implications of configuring an Intrusion Prevention System (IPS) to dynamically rewrite application layer data en route over a network. A PDF version of this chapter can be downloaded here.
The book has received positive reviews (including one by Richard Bejtlich of taosecurity.com) on amazon.com.
The actual data replacement is accomplished with Snort_inline or with a patch I wrote for the Netfilter string match extension and bundled with fwsnort.