Snort mailing list archives
Re: Snort Block Plugin.
From: "Nicolas Saurbier" <Nicolas.Saurbier () biodata de>
Date: Wed, 26 May 2004 17:58:39 +0200
Hi, that sounds interessting... But when I send a faked infected packet with src-ip of eBay.com your software will make the Firewall block eBay? NIC
-----Ursprüngliche Nachricht----- Von: akhenato () montevideo com uy [mailto:akhenato () montevideo com uy] Gesendet: Mittwoch, 26. Mai 2004 12:46 An: Snort List Betreff: [Snort-users] Snort Block Plugin. Hi, I want to upload a contrib software that integrates with snort. Introduction: The objetive of this project is the creation of a software that can be used to control the IP traffic arriving to a server exposed to internet throught a firewall and there is an NIDS (snort) detecting attack patterns. As the NIDS detect an attack pattern, a rule is fired that end with the creation of a filter in the firewall that drop the traffic from the source address suspected. The NIDS and the firewall are not needed to run on the same system. Description: This software provides a server and a client applications that integrates with snort to block any source IP address for a specified time. The client must be run on the snort system and is a snort plugin. The server must be installed (and running) in a system acting as a firewall (where the netfilter rules are applied). A rule must be configured in the snort rules files that fire the plugin when the defined condition is reached. I need some help to test and optimize this software, adding features like encrypted communication between client and server, and some others that can be practical for the project.
-------------------------------------------- Any e-mail message from Biodata Systems GmbH is sent in good faith but shall neither be binding nor construed as constituting a commitment by Biodata Systems GmbH except where provided for in a written agreement. This e-mail is intended only for the use of the recipient(s) named above. Any unauthorised disclosure, use or dissemination, either in whole or in part, is prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete this e-mail from your system. -------------------------------------------- Biodata Systems GmbH is a specialist manufacturer of Information Security products -This message has been scanned for all known viruses by 'Biodata BIGApplication®'. ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Block Plugin. akhenato () montevideo com uy (May 26)
- Re: Snort Block Plugin. Matt Kettler (May 26)
- Re: Snort Block Plugin. akhenato () montevideo com uy (May 26)
- <Possible follow-ups>
- Re: Snort Block Plugin. Nicolas Saurbier (May 26)
- RE: Snort Block Plugin. CGhercoias (May 26)
- Re: Snort Block Plugin. Matt Kettler (May 26)