[Snort-devel] Sound Alerting Preprocessor

Andrea Barisani lcars at ...360...
Wed May 2 12:23:01 EDT 2001


Hi to all!

Does anyone has tried Peep (The Network Auralizer, peep.sourceforge.net).
Take a look at it! I'm currently using it and I think that is a great tool
(and also very effective). Do you think that a similiar plugin for snort
could be useful ? I think so, sound alerting for a set of events (like
specific exploit and portscans...mmh maybe this could flood the
administrators ears :) ) could raise the admin response time. Actually
there's no need to implement such a plugin, mainly because peep is a log
parser and so it can parse snort log files with user defined patterns,
however a plugin can do the work much faster (maybe with new rules
extensions), and we could also implement a traffic rate audible indicator
(like the load average monitor of peep wich play a waterflow).

I know that it sounds like a VERY silly thing for an IDS but beleive me,
it's very useful...just try it :)

Let me know what you think. 

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer
Department of Physics       - University of Trieste
lcars at ...360... - PGP Key 0x8E21FE82
------------------------------------------------------------
"How would you know I'm mad?" said Alice.
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------





More information about the Snort-devel mailing list