Grizzly Steppe - TA18-106A - Filter incoming protocols
  • I was reading through the information in Alert (TA18-106A) https://www.us-cert.gov/ncas/alerts/TA18-106A Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, aka Grizzly Steppe from US CERT. Near the bottom of that document it lists commands that may be used from the Internet to gather information. I am sure it is only the tip of the iceberg for the number of possibilities that are capable.

    What technology in a firewall will inspect the allowed incoming data stream and block these keywords? Would this be what Suricata and Snort are used for? Or is there a lighter-weight alternative?

    So, as I envision it: I have created a firewall and set up rules to allow traffic, but now, as the traffic is passed through, if there are certain parts of the protocol that I don't want transmitted to the internal system, the system will inspect, classify and block or filter.

    Perhaps a proxy is what I am looking for?

    Thanks!
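The two-stage model the question describes (a packet filter that allows a port, followed by something that inspects the allowed stream and drops on content) is what an inline IPS such as Suricata or Snort adds on top of a stateless firewall. The following Python is an added illustration, not code from the post or from either project: it runs a small port-based ACL and then a simplified analogue of IDS signatures (one protocol, one port, one or more byte patterns that must all appear in the payload, roughly what Suricata's `content:` and `nocase` keywords express) over constructed sample packets. The rule SIDs, the `DEMO-*` keywords and the traffic are all made up for the example and are not the indicators from TA18-106A.

```python
"""Two-stage filtering: port-based ACL, then payload inspection of allowed traffic.
All rules, SIDs, keywords and packets below are constructed for this example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str        # "tcp" or "udp"
    dst_port: int
    payload: bytes    # application-layer bytes as seen on the wire (cleartext only)


@dataclass
class AclRule:
    proto: str
    dst_port: int
    action: str       # "allow" or "deny"


@dataclass
class ContentRule:
    """Simplified IDS signature: protocol, optional port, byte patterns that must all match."""
    sid: int
    msg: str
    proto: str
    dst_port: Optional[int]      # None means any destination port
    contents: List[bytes]
    nocase: bool = False
    action: str = "drop"         # "drop" = inline IPS blocks; "alert" = IDS logs only


def acl_verdict(pkt: Packet, acl: List[AclRule]) -> str:
    """Stage 1: stateless packet filter. First matching rule wins; default deny."""
    for r in acl:
        if r.proto == pkt.proto and r.dst_port == pkt.dst_port:
            return r.action
    return "deny"


def content_verdict(pkt: Packet, rules: List[ContentRule]) -> Tuple[str, Optional[ContentRule]]:
    """Stage 2: inspect the payload of a packet the ACL has already allowed."""
    for r in rules:
        if r.proto != pkt.proto:
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        hay = pkt.payload.lower() if r.nocase else pkt.payload
        needles = [c.lower() if r.nocase else c for c in r.contents]
        if all(n in hay for n in needles):
            return r.action, r
    return "allow", None


def filter_packet(pkt: Packet, acl: List[AclRule], rules: List[ContentRule]) -> Tuple[str, Optional[int]]:
    """Chain both stages. Returns (final action, SID of the matched rule or None).
    An 'alert' rule records the SID but lets the packet through, as an IDS would."""
    first = acl_verdict(pkt, acl)
    if first != "allow":
        return first, None
    action, rule = content_verdict(pkt, rules)
    if rule is None:
        return "allow", None
    if action == "alert":
        return "allow", rule.sid
    return action, rule.sid


# Constructed policy: the firewall allows tcp/23 and tcp/80 to the inside.
ACL = [AclRule("tcp", 23, "allow"), AclRule("tcp", 80, "allow")]

# Constructed signatures; keywords are placeholders, not real indicators.
RULES = [
    ContentRule(9000001, "demo keyword on telnet", "tcp", 23, [b"DEMO-KEYWORD-1"]),
    ContentRule(9000002, "demo keyword in HTTP body, case-insensitive", "tcp", 80,
                [b"demo-keyword-2"], nocase=True),
    ContentRule(9000003, "demo recon string, log only", "tcp", None, [b"DEMO-RECON"],
                action="alert"),
]

# Constructed sample traffic.
SAMPLES = {
    "benign_http": Packet("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "telnet_keyword": Packet("tcp", 23, b"DEMO-KEYWORD-1\r\n"),
    "http_keyword_mixed_case": Packet("tcp", 80, b"POST /x HTTP/1.1\r\n\r\nDemo-Keyword-2"),
    "ssh_keyword_blocked_by_acl": Packet("tcp", 22, b"DEMO-KEYWORD-1"),
    "http_recon_alert_only": Packet("tcp", 80, b"GET /DEMO-RECON HTTP/1.1\r\n\r\n"),
    "snmp_not_allowed": Packet("udp", 161, b"\x30\x0c"),
}


def run_demo() -> dict:
    """Return {sample name: (action, sid)} for every constructed packet."""
    return {name: filter_packet(pkt, ACL, RULES) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, sid) in run_demo().items():
        print(f"{name:30s} -> {action:5s} sid={sid}")
```

Note what the two stages each contribute: the ACL alone passes both the benign and the keyword-bearing telnet traffic because it only sees port 23, and only the content stage separates them; conversely, the content rules never see the SSH or SNMP packets because the ACL already dropped them. This is also why the lighter-weight alternatives tend not to exist: the matching has to look inside the allowed stream, which requires reassembling it, and the inspection only works where the payload is cleartext on the wire.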