[Snort-devel] Question about snort alerts
protocoljunkie at ...2499...
Wed May 11 10:14:39 EDT 2005
Sounds like you want an IPS (which I am not a big fan of). There is
some ridiculous marketing going on in the industry regarding IPS as
the "Silver Bullet" for security...
If you want active response, search for snortsam, fwsnort, snort_inline.
Also before considering deploying an IPS in your network, you may want
to review some material.
The recent article by Marty Roesch:
also the excellent book which focuses on concepts more than syntax
from Richard Bejtlich:
Hope that helps..
On 5/9/05, Geries Handal <stingddp99 at ...445...> wrote:
> Dear snort developers,
> I would like to know if there is any way to read real time alerts from snort. The
> purpose is because I want to try to write a module that will respond to
> some attacks in a certain way... For example if I detect a portscan, or a
> worm, etc. I want to send a command to a firewall or Cisco router and block
> the attack. I was thinking of using unsock option of snort, but I don't know
> if it's the right way to go. Maybe you can help me by giving me some
> documentation, tips, reference, etc, anything... I will really appreciate
> any help.
> Geries Handal
May the packets be with you.
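
An added example, not part of the original thread and not Snort's own code: a minimal listener for the `unsock` alert output the question mentions. It assumes Snort sends each alert as one datagram to a UNIX socket named `snort_alert` in its log directory and that the first 256 bytes of the datagram are the NUL-terminated alert message; the rest of the structure depends on the Snort build and is not parsed here. All function names are hypothetical.

```python
import os
import socket
import tempfile

ALERTMSG_LENGTH = 256  # alertmsg[] is the first field of Snort's Alertpkt struct

def alert_message(datagram: bytes) -> str:
    """Return the NUL-terminated alert text at the head of one unsock datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than alertmsg field")
    text = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    return text.decode("ascii", "replace")

def open_alert_socket(path: str) -> socket.socket:
    """Create the datagram socket Snort sends to; do this before starting Snort."""
    if os.path.exists(path):
        os.unlink(path)              # stale socket from a previous run
    old_umask = os.umask(0o077)      # only this user may write alerts to it
    try:
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock

def read_alerts(sock: socket.socket, count: int) -> list:
    """Block until `count` alerts arrive and return their message strings."""
    return [alert_message(sock.recv(65535)) for _ in range(count)]

def demo() -> list:
    """Feed two constructed datagrams through a temporary socket (no Snort needed)."""
    samples = [b"(portscan) TCP Portscan", b"Constructed sample worm alert"]
    with tempfile.TemporaryDirectory() as logdir:
        rx = open_alert_socket(os.path.join(logdir, "snort_alert"))
        rx.settimeout(2.0)
        tx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            for msg in samples:
                # alertmsg padded to 256 bytes, then filler standing in for the
                # packet header and capture data that follow in a real Alertpkt
                tx.sendto(msg.ljust(ALERTMSG_LENGTH, b"\x00") + b"\x00" * 64,
                          rx.getsockname())
            return read_alerts(rx, len(samples))
        finally:
            tx.close()
            rx.close()

if __name__ == "__main__":
    print(demo())
```

With the restrictive umask used here, Snort must run as the same user as the listener or it will not be able to write to the socket.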