Sound Alerting Preprocessor

[Andrea Barisani <lcars () infis univ trieste it>]

Hi to all!

Does anyone has tried Peep (The Network Auralizer, peep.sourceforge.net).
Take a look at it! I'm currently using it and I think that is a great tool
(and also very effective). Do you think that a similiar plugin for snort
could be useful ? I think so, sound alerting for a set of events (like
specific exploit and portscans...mmh maybe this could flood the
administrators ears :) ) could raise the admin response time. Actually
there's no need to implement such a plugin, mainly because peep is a log
parser and so it can parse snort log files with user defined patterns,
however a plugin can do the work much faster (maybe with new rules
extensions), and we could also implement a traffic rate audible indicator
(like the load average monitor of peep wich play a waterflow).

I know that it sounds like a VERY silly thing for an IDS but beleive me,
it's very useful...just try it :)

Let me know what you think. 

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer
Department of Physics       - University of Trieste
lcars () infis univ trieste it - PGP Key 0x8E21FE82
------------------------------------------------------------
"How would you know I'm mad?" said Alice.
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users