[Snort-devel] Help Needed on Writing Detection Plugin

danny smith welshisecurity at ...2499...
Mon Jan 30 05:05:01 EST 2006


Hi,
There's a few preprocessor templates in the snort src code, which
helped me alot.
It's well worth just looking through the other preprocessors src code
to figure out how to do bits and bobs.
I did have a ppt presentation on writing preprocessors from the snort
team, but can't find the url so appologies for this small note.
Maybe one of the guys here could point you to a link which explains it all.
If not I'll send u a copy when I'm at home.

regards..



On 1/30/06, Lakshmi Narayanan Narasimhan <lakshminarayanan79 at ...398...> wrote:
> Hi all,
>
> I am planning to write a detection plugin for SNORT that does protocol
> normalization (normalizes the packets on standards/RFC). Is there any HOWTO
> document for SNORT plugin developers?
>
> I planning to normalize packets as malformed packets are used as IDS evasion
> techniques. Moreover normalize packets also helps to reduce Active
> Fingerprinting efforts.
>
> I m currently looking for following information
> 1. Is there are plugin/preprocessor that normalizes IP/TCP/UDP/ICMP
> 2. A pointer to document that describes plugin development for SNORT.
>
> Thanks In Advance and Have A Great Day.
>
> Regards,
> Lakshmi
>
>
>  ________________________________
>  Jiyo cricket on Yahoo! India cricket
>
>




More information about the Snort-devel mailing list