Snort Block Plugin.

["akhenato () montevideo com uy" <akhenato () montevideo com uy>]

Hi, I want to upload a contrib software that integrates with snort.
 
Introduction:
The objetive of this project is the creation of a software
that can be used to control the IP traffic arriving to a
server exposed to internet throught a firewall and there
is an NIDS (snort) detecting attack patterns.
As the NIDS detect an attack pattern, a rule is fired that
end with the creation of a filter in the firewall that drop
the traffic from the source address suspected.
The NIDS and the firewall are not needed to run on the same
system.
 
Description:
This software provides a server and a client applications that
integrates with snort to block any source IP address for a
specified time. The client must be run on the snort system and
is a snort plugin. The server must be installed (and running) in
a system acting as a firewall (where the netfilter rules are applied).
 
A rule must be configured in the snort rules files that fire
the plugin when the defined condition is reached.
 
I need some help to test and optimize this software, adding
features like encrypted communication between client and server,
and some others that can be practical for the project.

Attachment: SnortBlock.tgz
Description: