[Snort-devel] Help Needed on Writing Detection Plugin

Lakshmi Narayanan Narasimhan lakshminarayanan79 at ...398...
Sun Jan 29 20:45:09 EST 2006


Hi all,

I am planning to write a detection plugin for SNORT that does protocol normalization (normalizes the packets on standards/RFC). Is there any HOWTO document for SNORT plugin developers?

I planning to normalize packets as malformed packets are used as IDS evasion techniques. Moreover normalize packets also helps to reduce Active Fingerprinting efforts.

I m currently looking for following information
1. Is there are plugin/preprocessor that normalizes IP/TCP/UDP/ICMP
2. A pointer to document that describes plugin development for SNORT.

Thanks In Advance and Have A Great Day.

Regards,
Lakshmi

				
---------------------------------
 Jiyo cricket on Yahoo! India cricket
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20060129/4d0a01b0/attachment.html>


More information about the Snort-devel mailing list