[Snort-devel] Idea/Thought.

Alex Jokela teknikl at ...608...
Fri Aug 17 08:35:26 EDT 2001


Greetings!

I've used snort for a while now (off and on) -- and i have always loved it.
but recently, i realized it was missing one thing (at least in my opinion),
and that was a decent way to block packets -- much like the way that
portsentry does: using an external program (like ipchains, ipf, ipfw,
iptables, etc...)

i know that in the contrib there is a script which will generate ipchain
rules based on snort responses, but this is not what i am looking for.

so...not being able to find anything, i have started to modify sp_respond.c
(and a header or two) to include support for external programs (like the
ones mentioned above) to be executed, as well as, a way of appending to file
(in the case of a system reboot) the rules that are generated.

...more information to come...

constructive thoughts are welcome.

thanks.

	alex jokela





More information about the Snort-devel mailing list