[Snort-users] iptable support

Benjamin W. Ritcey ben at ...3792...
Thu Oct 11 21:00:10 EDT 2001


You want Hogwash

http://hogwash.sourceforge.net/

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Joshua
Brindle
Sent: Thursday, October 11, 2001 11:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] iptable support


There was some talk in november of last year about a version of snort
written to use iptables but i can't find this anywhere, and the authors
email @secureworks.net seems not to work anymore. The responce said that
snort would likely at some time be more modular and able to support
alternate packet capturers, but it seems like snort is still very reliant on
pcap. The reason i'm wondering is because i want a sort of active IDS that
will simply drop packets that match a signature, instead of trying to reset
the connection. I wrote a pcap 'driver' that uses ipq but it seems that the
m->payload and bp are in different formats and i don't know how to convert
between them, the patch is at
http://web.snu.edu/~jbrindle/pcap-netfilter.diff if anyone wants to take a
look and see what they can do, or tell give me more info on snorts state as
non-pcap reliant. Thanks for any info or pointers. :)

Joshua Brindle
UNIX Administrator
Southern Nazarene University

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list





More information about the Snort-users mailing list