[Snort-devel] Inter-Sensor Communication? (long)

agetchel at ...358... agetchel at ...358...
Mon May 21 02:32:21 EDT 2001

> You mean as broadcasts? Would work, but I think reliability would be
> desired. If you'd use directed packets, you still have 19^2 packets
> floating around. I think the question is, should inter-sensor
> communication be implemented in a mesh (mess?), or by utilizing a
> master/controller host? (This is assuming that all sensors see the
> traffic and respond, as in worst-case. If only one sensor responds,
> it would be only 19 packets/conns)

	One of the reasons I didn't incorporate this idea into my original
post was because it would be a major architectural change for Snort in
whole.  You're now talking about changing many of the core features such as
logging, signatures, centralized configuration; well, at least you're
talking about the _possibility_ of changing all of these things to take
advantage of a centralized management server.  I feel that if one were going
to go to take the time to introduce centralized management server
capabilities into Snort, one would want it to take advantage of more than
just the ability to push out session tagging and dynamic rules to other
sensors.  Now you're talking about a _huge_ project.


Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...358...
Web     http://www.kde.state.ky.us/

More information about the Snort-devel mailing list