[Snort-devel] plugin idea
pikov at ...2454...
Mon Apr 5 08:14:13 EDT 2004
On Mon, 05-04-2004 at 09:34, Mike Andersen wrote:
> On Apr 1, 2004, at 20:42, Piotr Kowalczyk wrote:
> > The problem is that, I really need some
> > idea, something which hasn't been implemented yet and wouldn't be too
> > hard to do.
> How about getting all IP addresses from the portscan plugin, and make a
> plugin that logs all traffic from the internal network that goes to
> those who have done a portscan? Or instead of logging all IP packages,
> just log the first 50 or 100 of them.
Great, I guess I'll try to implement both of these ideas (the second
about storing tcp sessions from Sergey Lyubka).
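
Added example, not part of the original message and not Snort code: a stand-alone C sketch of the decision logic behind the suggestion quoted above (remember sources reported by portscan detection, then log only the first N packets sent to them from the internal network). The flag_scanner() hook, the 10.0.0.0/8 internal range, the table size and the sample addresses are assumptions made for illustration; Snort's plugin API is not used.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SCANNERS 64   /* assumed table size */
#define PKT_CAP      50   /* "first 50 or 100" packets per scanner */
#define IP4(a,b,c,d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                      ((uint32_t)(c) << 8) | (uint32_t)(d))

struct scanner { uint32_t ip; unsigned logged; int used; };
static struct scanner table[MAX_SCANNERS];

/* Internal network for this sketch: 10.0.0.0/8 (assumption). */
static int is_internal(uint32_t ip) { return (ip >> 24) == 10; }

/* Open-addressing lookup; entries are never deleted, so probing may stop
 * at the first empty slot. A full table means new scanners go untracked:
 * a real plugin needs expiry so spoofed scans cannot exhaust it. */
static struct scanner *lookup(uint32_t ip, int create)
{
    unsigned start = (ip * 2654435761u) % MAX_SCANNERS;
    for (unsigned i = 0; i < MAX_SCANNERS; i++) {
        struct scanner *s = &table[(start + i) % MAX_SCANNERS];
        if (s->used && s->ip == ip) return s;
        if (!s->used) {
            if (!create) return NULL;
            s->used = 1; s->ip = ip; s->logged = 0;
            return s;
        }
    }
    return NULL;
}

/* Hypothetical hook: called when portscan detection reports a source. */
int flag_scanner(uint32_t ip) { return lookup(ip, 1) != NULL; }

/* Returns 1 if this packet should be logged: internal source, destination
 * is a known scanner, and that scanner's packet cap is not yet reached. */
int should_log(uint32_t src, uint32_t dst)
{
    struct scanner *s;
    if (!is_internal(src)) return 0;
    s = lookup(dst, 0);
    if (!s || s->logged >= PKT_CAP) return 0;
    s->logged++;
    return 1;
}
int main(void)
{
    int n = 0;
    flag_scanner(IP4(203,0,113,7));          /* constructed scanner address */
    for (int i = 0; i < 120; i++) n += should_log(IP4(10,1,2,3), IP4(203,0,113,7));
    printf("logged %d of 120 packets\n", n);
    return 0;
}
```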