[Snort-users] SNMP alerts?

Karl Lovink karl at ...501...
Thu Jan 18 04:53:07 EST 2001


Marty,

You can get your own OID for free from ICANN. I did this myself too for some testing
purposes.
Just mail IANA Private Enterprise Number [iana-pen at ...1166...]
and you get an OID.

Karl



Quoting Martin Roesch <roesch at ...421...>:

> I'd definitely love to see this plugin make into the general release...
> :)
> 
>     -Marty
> 
> Glenn Mansfield wrote:
> > 
> > Snmp Alerts ? Yes our snort output plugins do send out snmpalerts -
> > and secure ones too. It is no big deal. The corresponding MIB which
> > defines the objects that will be used in the alerts are defined in
> > http://www.ietf.org/internet-drafts/draft-glenn-id-sensor-alert-mib-01.txt
> > The "sensor" MIB has used Snort as the model.
> > 
> > We have this MIB implemented on tiny IDSs running snort and generating
> > snmp-alerts [Nothing else]. The almighty managers receiving the alerts
> > do the work and even generate XML messages in conformance with the
> > present proposed IDMEF XML-DTD. [This was demonstrated at the
> > IETF-IDWG meeting at San Diego. Details should be there in the minutes]
> > 
> > For those who want the MIB, it is already there - let me know if there are
> > more things that we will need in the MIB. I intend having a core MIB which
> > contains the essentials and several extension MIBs for Packet formats,
> > traffic patterns, specific attacks ......
> > 
> > For those who want the code, please hold on. I need to do the packaging so
> > that only a few simple steps are required to build and make. It is coming
> > soon.
> > 
> > Cheers
> > 
> > Glenn
> > 
> > ----- Original Message -----
> > From: "Martin Roesch" <roesch at ...421...>
> > To: "Dragos Ruiu" <dr at ...381...>
> > Cc: "Fyodor" <fygrave at ...121...>; "Jeff Dell" <jdell at ...912...>;
> > <snort-users at lists.sourceforge.net>
> > Sent: Tuesday, December 05, 2000 4:04 PM
> > Subject: Re: [Snort-users] SNMP alerts?
> > 
> > > If someone codes it up, I'll include it.  Don't we have to purchase some sort
> > > of unique ID for our SNMP traffic, though?  I seem to remember something
> > > about that (watch as Marty reveals his astounding ignorance of all things
> > > SNMP...) :)
> > >
> > >    -Marty
> > >
> > > Dragos Ruiu wrote:
> > > >
> > > > On Mon, 04 Dec 2000, Fyodor wrote:
> > > > > On Mon, Dec 04, 2000 at 11:51:49AM -0500, Jeff Dell wrote:
> > > > > > Has anyone thought about implementing snmp alerts within Snort? Similar to
> > > > > > the smbalerts, but instead of a popup message, it is a snmp trap?
> > > > > >
> > > > >
> > > > > yup, "throught", :), want to code it? :)
> > > >
> > > > And please save us all some security grief if you do... please
> > > > look at V3 before implementing, though it may look "simple", imho
> > > > it has some safety concerns... :-)
> > > >
> > > > cheers,
> > > > --dr
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > http://lists.sourceforge.net/mailman/listinfo/snort-users
> > >
> > > --
> > > Martin Roesch
> > > roesch at ...421...
> > > http://www.snort.org
> 
> --
> Martin Roesch
> roesch at ...421...
> http://www.snort.org
> 
> 



