Snort mailing list archives
Snort Block Plugin.
From: "akhenato () montevideo com uy" <akhenato () montevideo com uy>
Date: 26 May 2004 07:46:05 -0300
Hi, I want to upload a contrib software that integrates with snort. Introduction: The objetive of this project is the creation of a software that can be used to control the IP traffic arriving to a server exposed to internet throught a firewall and there is an NIDS (snort) detecting attack patterns. As the NIDS detect an attack pattern, a rule is fired that end with the creation of a filter in the firewall that drop the traffic from the source address suspected. The NIDS and the firewall are not needed to run on the same system. Description: This software provides a server and a client applications that integrates with snort to block any source IP address for a specified time. The client must be run on the snort system and is a snort plugin. The server must be installed (and running) in a system acting as a firewall (where the netfilter rules are applied). A rule must be configured in the snort rules files that fire the plugin when the defined condition is reached. I need some help to test and optimize this software, adding features like encrypted communication between client and server, and some others that can be practical for the project.
Attachment:
SnortBlock.tgz
Description:
Current thread:
- Snort Block Plugin. akhenato () montevideo com uy (May 26)
- Re: Snort Block Plugin. Matt Kettler (May 26)
- Re: Snort Block Plugin. akhenato () montevideo com uy (May 26)
- <Possible follow-ups>
- Re: Snort Block Plugin. Nicolas Saurbier (May 26)
- RE: Snort Block Plugin. CGhercoias (May 26)
- Re: Snort Block Plugin. Matt Kettler (May 26)