Snort mailing list archives
faking database entries
From: Yonah Russ <yonah () mail jct ac il>
Date: Tue, 17 Jul 2001 10:01:29 +0300 (IDT)
Hi,

I asked a while back about incorporating arpwatch into snort... then someone said it was being worked on but I haven't heard about it since...

I figured the easiest way for me to get arpwatch integrated is to parse its alerts and fake database entries as if they came from snort itself...

With all the optimizations in the database, I wanted to ask for the official lowdown on what has to be fiddled with for this kind of entry to work out...

I'm using Snort v1.7 with ACID v0.9.6b10 - I would rather not upgrade to snort v1.8 if I don't have to because this is part of a final project for my degree (final==must finish).

thanks
yonah

Email: <yonah () execs com>
Homepage: <http://p-yonah.jct.ac.il/>
PGP: 0x7C3C2524 <ldap://certserver.pgp.com>
"Quote me as saying I was misquoted." --Groucho Marx