[Snort-devel] Building an Intrusion Detection Gateway

Rob McMillen rvmcmil at ...1029...
Sun Jan 13 16:21:01 EST 2002


	I know other programs are doing the same thing, but I thought I would play
around as well.  I've modified Snort to accept packets from iptables vice
libpcap.  When the patches at the link below are applied, the resulting
Snort will be able to listen to iptables (libipq) via the -j QUEUE target
instead of libpcap.  Therefore, all packets can be sent via the Snort rules
to decide whether it should pass or drop.  This provides both a firewall and
a packet scrubber.  Please see link below for more detail.

    I decided to put what I've been playing with online so other people use
it if they wish.  If you do decide to give it a run, please let me know what
you thought.  Both good and bad.

Thanks,

Rob

 http://w3.cablespeed.com/~rvmcmil/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Building an Intrusion Detection Gateway.url
Type: application/octet-stream
Size: 139 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20020113/cb0cf56a/attachment.obj>


More information about the Snort-devel mailing list