[Snort-devel] Fwd: hybrid IDS using snort

Al Lewis (allewi) allewi at ...3461...
Tue Mar 10 04:45:08 EDT 2015


Hello,

The link I sent shows an example of how to create and register your own custom preprocessor.

If you are a beginner to C / development it “may” be a lot to start off with.


Maybe you can try this as it explains the steps a little more in depth:

http://www.sans.org/reading-room/whitepapers/tools/developing-snort-dynamic-preprocessor-32874


Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3461...

From: Roshan Srivastava [mailto:roshan.kumar417 at ...2499...]
Sent: Tuesday, March 10, 2015 4:33 AM
To: Al Lewis (allewi)
Subject: Re: [Snort-devel] Fwd: hybrid IDS using snort

Thank you, Sir, for your response.
I read that C code, but I want to know how I would be able to integrate a preprocessor's code into the Snort source code. What are the packages I am supposed to install? Please help me out with this.
P.S. I am a beginner to the development thing. :(

On Mon, Mar 9, 2015 at 3:48 PM, Al Lewis (allewi) <allewi at ...3461...> wrote:
Do you have a basic preprocessor setup? If not, this http://manual.snort.org/node40.html may be a good place to start.

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3461...

From: Roshan Srivastava [mailto:roshan.kumar417 at ...2499...]
Sent: Sunday, March 08, 2015 9:34 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Fwd: hybrid IDS using snort


I am doing a project based on intrusion detection systems.

And I want to build a Hybrid IDS using the open source tool SNORT. I read a few good papers on that. But still I am not able to get a lead on how to mount PHAD (an anomaly based IDS) as a preprocessor to SNORT. Please help me to get a lead in my project.

Thanks!!

