[Snort-devel] Passive Host

anonpoet jason at ...506...
Fri Jul 20 12:29:07 EDT 2001


I'm about half way through writing an extention that allows IP lists to
be changed at runtime.  I'm trying to add some targeted IDS ability to
snort.  So you will be able to write rules like:

alert tcp any <> $WINDOWS_BOXEN any

and have the values of $WINDOWS_BOXEN be modified by a passive host
identification module at runtime.

I'll probably finish up a prototype this weekend or next.  Is anyone
else interested and what features would you like put in?


Jason Larsen
jason at ...506...






More information about the Snort-devel mailing list