[Snort-devel] Question about snort alerts

M Raju protocoljunkie at ...2499...
Wed May 11 10:14:39 EDT 2005


Sounds like you want an IPS (which I am not a big fan off). There is
some ridiculous marketing going on in the industry regarding IPS as
the "Silver Bullet" for security...

If you want active response, search for snortsam,fwsnort,snort_inline,
etc...on google

Also before considering deploying an IPS in your network, you may want
to review  some material.

The recent article by Marty Roesch:


also the excellent book which focuses on concepts more than syntax
from Richard Bejtlich:


Hope that helps..



On 5/9/05, Geries Handal <stingddp99 at ...445...> wrote:
> Dear snort developers, 
> I like to know if there is any way to read real time alerts from snort. The
> purpose is because i want to try to write a module that will response to
> some attacks in certain way... For example if i detect a portscan, or a
> worm, etc. i want to send a command to a firewall or cisco router and block
> the attack. I was thinking of using unsock option of snort, but i don't know
> if its the right way to go. Maybe you can help me giving me some
> documentation, tips, reference, etc, anything... I will really appreciate
> any help 
> Thanks 
> Geries Handal
> ________________________________
> Express yourself instantly with MSN Messenger! MSN Messenger Download today
> it's FREE!
> -------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the
> first software developer in space? Enter now for the Oracle Space
> Sweepstakes!
> http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
> _______________________________________________ Snort-devel
> mailing list Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel 

May the packets be with you.

More information about the Snort-devel mailing list