Custom Rules: Purpose of Interception Rules
Within Custom Rules, you can create rules that intercept specific types of connections and craft a custom message that is returned to any source matching the rule. For interception to function properly, an IP address must be assigned to the interception bridge pair and the TCP protocol must be selected.
Once you have prepared PacketViper for connection interception, you can create a variety of interception rules. These rules are evaluated before the Countries and Global Network lists, but you can attach any country, company, or network to a rule so that it targets specific types of traffic.
Example uses:
- WEB: Create an interception rule that intercepts web traffic outbound to high-risk countries, companies, and networks. When a user's web request violates the rule, your crafted message is displayed in the user's browser.
- WEB: Create an interception rule that intercepts inbound web traffic from countries, companies, or networks to web servers they are not authorized to access. When violated, the source web browser displays your custom message.
- WEB: Create an interception rule that intercepts alternative web ports such as 81, 591, 8000, 8008, 8080. When a user's web request violates the rule, your crafted message is displayed in the user's browser.
- SMTP: Create an interception rule that intercepts SMTP traffic from high-risk countries, companies, or networks. The sender can receive a message explaining why their email has not been accepted. This is useful should you want to explain to the sender how to fix the problem (Example: Your message was not received. Visit http://yourdomain.com/abuse and complete the form.)
- SMTP: Create an interception rule with a destination of an IP address that is not your mail server. Your custom message can be positive, to make the spammer believe they reached a good email server. This will uncover the spammer's scanning IPs and the sources they use to send the actual spam.
- TELNET, SSH, SOCKS, PROXY: Create an interception rule that listens for TELNET, SSH, SOCKS, PROXY and provides a positive response to the source. This deceives the attacker into believing the ports are available. This will uncover an attacker's scanning IPs and the sources they use to attack those ports.
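To show what an intercepted source actually receives in the WEB and SMTP cases above, here is an added Python sketch; it is not PacketViper code and does not use any PacketViper API. The function names, the 403 and 554/220 reply formats, and the per-source counter are assumptions made for illustration.

```python
import socket
from collections import Counter

# Alternative web ports are the ones listed in the article; 80 and 25 are the standard ports.
WEB_PORTS = {80, 81, 591, 8000, 8008, 8080}
SMTP_PORT = 25

def build_reply(dst_port, message, positive=False):
    """Bytes sent to an intercepted TCP client, or None if the port has no rule."""
    # Fold CR/LF so the custom text cannot add extra header or SMTP reply lines.
    text = " ".join(message.split())
    if dst_port in WEB_PORTS:
        body = text.encode("utf-8")
        head = ("HTTP/1.1 403 Forbidden\r\n"
                "Content-Type: text/plain; charset=utf-8\r\n"
                f"Content-Length: {len(body)}\r\n"
                "Connection: close\r\n\r\n")
        return head.encode("ascii") + body
    if dst_port == SMTP_PORT:
        # 220 = service ready (positive decoy greeting), 554 = refused with a reason.
        code = "220" if positive else "554"
        return f"{code} {text}\r\n".encode("ascii", "replace")
    return None

def intercept(conn, src_ip, dst_port, message, seen, positive=False):
    """Answer one intercepted connection and count the source per destination port."""
    seen[(src_ip, dst_port)] += 1
    reply = build_reply(dst_port, message, positive)
    try:
        if reply is not None:
            conn.sendall(reply)
    finally:
        conn.close()
    return reply

if __name__ == "__main__":
    seen = Counter()
    # Constructed sample: 203.0.113.7 is a documentation address (RFC 5737).
    client, server = socket.socketpair()
    intercept(server, "203.0.113.7", 25,
              "Your message was not received. "
              "Visit http://yourdomain.com/abuse and complete the form.", seen)
    print(client.recv(4096).decode("ascii"))
    client.close()
    print(dict(seen))
```

The `seen` counter stands in for the source visibility the SMTP and TELNET/SSH/SOCKS/PROXY cases describe: every source that touches an intercepted port is recorded, whether the reply was a rejection or a positive decoy response.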