Hi all,
Has anyone ever heard of a
"Protocol-aware Intrusion Prevention System (IPS) with Deep Packet Inspection (DPI)-enhanced traffic control", or even tried it?
This term encompasses the following aspects:
- Protocol-aware: Suricata, enhanced by nDPI, can identify and act on specific protocols and applications.
- Intrusion Prevention System (IPS): Suricata is operating in inline mode to actively prevent threats.
- Deep Packet Inspection (DPI): nDPI provides advanced protocol and application identification capabilities.
- Traffic control: iptables is used to enforce the firewall rules based on Suricata’s decisions.
I will not go much deeper (currently I can only go a little), but I have read of the possibility. Suricata is there, iptables is there, nDPI is here → GitHub - ntop/nDPI: Open Source Deep Packet Inspection Software Toolkit.
It might be nice to hear some "Dos and Don'ts", further ideas about possible environments, and for sure your opinion on this topic.
Best,
Erik
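As an added example (not part of Erik's post and not code from the Suricata or nDPI projects), the following script shows the two pieces the post describes that are well documented on their own: steering traffic through iptables NFQUEUE into Suricata running inline, and protocol-aware drop rules that match on the application protocol Suricata detected rather than on the port. It uses Suricata's built-in `app-layer-protocol` and `tls.sni` keywords only; wiring nDPI into the decision is the part the post leaves open and is not shown here. The queue count, the rules directory, the sample signatures and the `DRY_RUN` switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: Suricata inline IPS via iptables NFQUEUE, with protocol-aware rules.
# DRY_RUN=1 (default) only prints the commands it would run; run as root with
# DRY_RUN=0 to apply them. Paths and values below are assumptions for the demo.
: "${DRY_RUN:=1}"
QUEUES=4                                             # one NFQUEUE per Suricata worker (assumed)
RULES_DIR="${RULES_DIR:-/tmp/suricata-ips-demo}"     # assumed; use your real rules dir in production
SURICATA_YAML="${SURICATA_YAML:-/etc/suricata/suricata.yaml}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# iptables command that hands a chain to Suricata's queues.
# --queue-balance spreads flows over QUEUES queues (0..QUEUES-1) so several
# Suricata workers can share the load. --queue-bypass makes the kernel ACCEPT
# packets while no userspace program is bound to the queue, i.e. fail-open:
# a Suricata restart degrades to "no inspection" instead of a full outage.
# Drop --queue-bypass if you want fail-closed behaviour instead.
nfq_rule() {
    chain=$1
    last=$((QUEUES - 1))
    echo "iptables -I $chain -j NFQUEUE --queue-balance 0:$last --queue-bypass"
}

# FORWARD covers routed traffic (the usual IPS placement); INPUT/OUTPUT cover
# the box itself. Insert (-I) so the NFQUEUE rule sits before any ACCEPT rule.
install_nfq_rules() {
    for chain in FORWARD INPUT OUTPUT; do
        run $(nfq_rule "$chain")
    done
}

# Constructed sample signatures. app-layer-protocol matches on the protocol
# Suricata identified for the flow, independent of the port number, which is
# what "protocol-aware" buys you over a plain port-based firewall rule.
write_rules() {
    mkdir -p "$RULES_DIR"
    cat > "$RULES_DIR/ips-demo.rules" <<'EOF'
# SSH tunnelled over an unexpected port: detected by protocol, not by port.
drop tcp any any -> any !22 (msg:"SSH on non-standard port"; flow:to_server; app-layer-protocol:ssh; sid:9000001; rev:1;)
# Something on 443 that is not TLS (negated match only fires once detection completed).
drop tcp any any -> any 443 (msg:"Non-TLS traffic on port 443"; flow:to_server; app-layer-protocol:!tls; sid:9000002; rev:1;)
# Application-level control: block a TLS server name (bad.example is a placeholder).
drop tls any any -> any any (msg:"Blocked TLS SNI"; tls.sni; content:"bad.example"; nocase; sid:9000003; rev:1;)
EOF
    echo "$RULES_DIR/ips-demo.rules"
}

# Start Suricata in NFQUEUE mode, one -q per queue, loading only the demo
# rule file (-S = exclusive rule file). Without -q Suricata runs as an IDS
# and a "drop" action only logs; inline mode is what turns it into an IPS.
start_suricata() {
    last=$((QUEUES - 1))
    qargs=""
    i=0
    while [ "$i" -le "$last" ]; do
        qargs="$qargs -q $i"
        i=$((i + 1))
    done
    run suricata -c "$SURICATA_YAML" -S "$RULES_DIR/ips-demo.rules" $qargs
}

main() {
    install_nfq_rules
    rules=$(write_rules)
    echo "rules written to $rules"
    start_suricata
}

main
```

Two practical notes: the iptables rule must be in place before Suricata binds the queues only if you want fail-closed behaviour without `--queue-bypass`; with `--queue-bypass` the order does not matter, but be aware that a crashed sensor then silently stops enforcing. And drop rules in a fresh deployment should first be run as `alert` against mirrored traffic to measure false positives, since a wrong `drop` on `app-layer-protocol` affects every flow of that protocol, not a single signature.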