[Snort-users] SNMP alerts?

Martin Roesch roesch at ...421...
Thu Jan 18 02:46:12 EST 2001


I'd definitely love to see this plugin make it into the general release...
:)

    -Marty

Glenn Mansfield wrote:
> 
> Snmp Alerts ? Yes our snort output plugins do send out snmpalerts -
> and secure ones too. It is no big deal. The corresponding MIB which
> defines the objects that will be used in the alerts is defined in
> http://www.ietf.org/internet-drafts/draft-glenn-id-sensor-alert-mib-01.txt
> The "sensor" MIB has used Snort as the model.
> 
> We have this MIB implemented on tiny IDSs running snort and generating
> snmp-alerts [Nothing else]. The almighty managers receiving the alerts
> do the work and even generate XML messages in conformance with the
> present proposed IDMEF XML-DTD. [This was demonstrated at the
> IETF-IDWG meeting at San Diego. Details should be there in the minutes]
> 
> For those who want the MIB, it is already there - let me know if there are
> more things that we will need in the MIB. I intend having a core MIB which
> contains the essentials and several extension MIBs for Packet formats,
> traffic patterns, specific attacks ......
> 
> For those who want the code, please hold on. I need to do the packaging so
> that only a few simple steps are required to build and make. It is coming
> soon.
> 
> Cheers
> 
> Glenn
> 
> ----- Original Message -----
> From: "Martin Roesch" <roesch at ...421...>
> To: "Dragos Ruiu" <dr at ...381...>
> Cc: "Fyodor" <fygrave at ...121...>; "Jeff Dell" <jdell at ...912...>;
> <snort-users at lists.sourceforge.net>
> Sent: Tuesday, December 05, 2000 4:04 PM
> Subject: Re: [Snort-users] SNMP alerts?
> 
> > If someone codes it up, I'll include it.  Don't we have to purchase some
> > sort of unique ID for our SNMP traffic, though?  I seem to remember something
> > about that (watch as Marty reveals his astounding ignorance of all things
> > SNMP...) :)
> >
> >    -Marty
> >
> > Dragos Ruiu wrote:
> > >
> > > On Mon, 04 Dec 2000, Fyodor wrote:
> > > > On Mon, Dec 04, 2000 at 11:51:49AM -0500, Jeff Dell wrote:
> > > > > Has anyone thought about implementing snmp alerts within Snort?
> > > > > Similar to the smbalerts, but instead of a popup message, it is a
> > > > > snmp trap?
> > > > >
> > > >
> > > > yup, "throught", :), want to code it? :)
> > >
> > > And please save us all some security grief if you do... please
> > > look at V3 before implementing, though it may look "simple", imho
> > > it has some safety concerns... :-)
> > >
> > > cheers,
> > > --dr
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > http://lists.sourceforge.net/mailman/listinfo/snort-users
> >
> > --
> > Martin Roesch
> > roesch at ...421...
> > http://www.snort.org

--
Martin Roesch
roesch at ...421...
http://www.snort.org



