Custom Rules: Purpose of Interception Rules

Within the Custom Rules, you can create rules that intercept specific types of connections. In addition, you can craft a custom message for the source that matches a custom rule. For interception to function properly, an IP address must be assigned to the interception bridge pair and the TCP protocol must be selected.

Once you have properly prepared PacketViper for connection interception, you can create any variety of interception rules. These rules are evaluated before Countries and Global Network lists, but you can attach any country, company, or network to a rule to have it target specific types of traffic.

Example uses:

  • WEB: Create an interception rule that intercepts outbound web traffic to high-risk countries, companies, and networks. When a user's web request violates the rule, your crafted message is displayed in the user's browser.

  • WEB: Create an interception rule that intercepts inbound web traffic from countries, companies, or networks to web servers they are not authorized to access. When violated, the source web browser displays your custom message.

  • WEB: Create an interception rule that intercepts alternative web ports such as 81, 591, 8000, 8008, 8080. When a user's web request violates the rule, your crafted message is displayed in the user's browser.

  • SMTP: Create an interception rule that intercepts SMTP traffic from high-risk countries, companies, or networks. The sender can receive a message explaining why their email has not been accepted. This is useful should you want to explain to the sender how to fix the problem (Example: Your message was not received. Visit http://yourdomain.com/abuse and complete the form.)

  • SMTP: Create an interception rule with a destination of an IP address that is not your mail server. Your custom message can be positive, to make the spammer believe they reached a good email server. This will uncover the spammer's scanning IPs and the sources they use to send the actual spam.

  • TELNET, SSH, SOCKS, PROXY: Create an interception rule that listens for TELNET, SSH, SOCKS, PROXY and provides a positive response to the source. This deceives the attacker into believing the ports are available. This will uncover an attacker's scanning IPs and the sources they use to attack those ports.