[Snort-devel] Fwd: hybrid IDS using snort

Bill Reimer breimer273 at ...2499...
Tue Mar 10 09:21:52 EDT 2015


It's been a long time since I have done this, so pardon me if I leave out
details, but this link explains how to configure snort to include a
preprocessor.

http://manual.snort.org/node23.html

Once you compile your preprocessor you will place the preprocessor into the
preprocessor folder. It should be the same folder that has the other
preprocessors out of the box. Then add your directive to the snort.conf
file to tell it to include the new preprocessor and restart snort.

Bill

On Tue, Mar 10, 2015 at 1:45 AM, Al Lewis (allewi) <allewi at ...3461...> wrote:

> Hello,
>
> The link I sent shows an example of how to create and register your own
> custom preprocessor.
>
> If you are a beginner to C / development it “may” be a lot to start off
> with.
>
> Maybe you can try this as it explains the steps a little more in depth:
>
> http://www.sans.org/reading-room/whitepapers/tools/developing-snort-dynamic-preprocessor-32874
>
> Hope this helps.
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi at ...3461...
>
>
>
> *From:* Roshan Srivastava [mailto:roshan.kumar417 at ...2499...]
> *Sent:* Tuesday, March 10, 2015 4:33 AM
> *To:* Al Lewis (allewi)
> *Subject:* Re: [Snort-devel] Fwd: hybrid IDS using snort
>
>
>
> Thank you, Sir, for your response.
> I read that C code, but I want to know how I would be able to integrate a
> preprocessor's code into the snort source code. What are the packages I am
> supposed to install? Please help me out with this.
> P.S. I am a beginner to the development thing. :(
>
>
>
> On Mon, Mar 9, 2015 at 3:48 PM, Al Lewis (allewi) <allewi at ...3461...>
> wrote:
>
> Do you have a basic preprocessor setup? If not, this
> http://manual.snort.org/node40.html may be a good place to start.
>
>
>
> Hope this helps!
>
>
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi at ...3461...
>
>
>
> *From:* Roshan Srivastava [mailto:roshan.kumar417 at ...2499...]
> *Sent:* Sunday, March 08, 2015 9:34 AM
> *To:* snort-devel at lists.sourceforge.net
> *Subject:* [Snort-devel] Fwd: hybrid IDS using snort
>
>
>
> I am doing a project based on intrusion detection systems.
>
> And I want to build a hybrid IDS using the open source tool SNORT. I read a few
> good papers on that. But still I am not able to get a lead on how to mount
> PHAD (an anomaly-based IDS) as a preprocessor to SNORT. Please help me to
> get a lead in my project.
>
> Thanks!!