teknikl at ...608...
Fri Aug 17 08:35:26 EDT 2001
I've used snort for a while now (off and on) -- and i have always loved it.
but recently, i realized it was missing one thing (at least in my opinion),
and that was a decent way to block packets -- much like the way that
portsentry does: using an external program (like ipchains, ipf, ipfw,
i know that in the contrib there is a script which will generate ipchain
rules based on snort responses, but this is not what i am looking for.
so...not being able to find anything, i have started to modify sp_respond.c
(and a header or two) to include support for external programs (like the
ones mentioned above) to be executed, as well as, a way of appending to file
(in the case of a system reboot) the rules that are generated.
...more information to come...
constructive thoughts are welcome.
More information about the Snort-devel