[Snort-devel] Additional feature in sfportscan preprocessor

Sandro Poppi spoppi at ...224...
Sat Apr 23 06:19:21 EDT 2005


Hi there,

Please find attached a patch for the sfportscan prerocessor which

1) adds a list of ports and ip addresses within the defined portscan
window instead of having only the range of ports/ips which might be
useful for other output plugins (like my spo_idmef ;)

2) adds various additional checks in portscan.c which seem to be omitted.

Item 1 is supposed to be a configure option --enable-ps-lists like

AC_ARG_ENABLE(ps_list,
  [  --enable-ps-list    Create a list of ip addresses and ports in
sfportscan],
            [ if test "$enable_ps_list" = "yes"; then
                   CFLAGS="$CFLAGS -DENABLE_PS_LISTS"
                   LIBS="$LIBS";
              fi
            ],)

I'd appreciate feedback about that addition if someone finds it useful
and if it'll be included in a future snort version.

Thank you,
Sandro
-- 
"Linux is like a wigwam: no windows, no gates ... apache inside!"

http://www.lug-burghausen.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sfportscan-patch.tar.gz
Type: application/x-gzip
Size: 3147 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050423/db3ad9dc/attachment.bin>


More information about the Snort-devel mailing list