[Snort-devel] plugin idea

Piotr Kowalczyk pikov at ...2454...
Mon Apr 5 08:14:13 EDT 2004


W liście z pon, 05-04-2004, godz. 09:34, Mike Andersen pisze: 
> On Apr 1, 2004, at 20:42, Piotr Kowalczyk wrote:
> 
> > The problem is that, i really need some
> > idea, something which hasn't been implemented yet and wouldn't be too
> > hard to do.
> 
> How about getting all IP addresses from the portscan plugin, and make a 
> plugin that logs all traffic from the internal network that goes to 
> those who have done a portscan?  Or instead of logging all IP packages, 
> just log the first 50 or 100 of them.

Great, I guess I'll try to implement both of this ideas (the second
about storing tcp sessions from Sergey Lyubka). 
THANKS, 
and cheers

	Piotr Kowalczyk





More information about the Snort-devel mailing list