[Snort-users] Snort Block Plugin.

akhenato at ...11860... akhenato at ...11860...
Wed May 26 06:49:07 EDT 2004


Hi, I want to upload a contrib software that integrates with snort.
 
Introduction:
The objetive of this project is the creation of a software
that can be used to control the IP traffic arriving to a
server exposed to internet throught a firewall and there
is an NIDS (snort) detecting attack patterns.
As the NIDS detect an attack pattern, a rule is fired that
end with the creation of a filter in the firewall that drop
the traffic from the source address suspected.
The NIDS and the firewall are not needed to run on the same
system.
 
Description:
This software provides a server and a client applications that
integrates with snort to block any source IP address for a
specified time. The client must be run on the snort system and
is a snort plugin. The server must be installed (and running) in
a system acting as a firewall (where the netfilter rules are applied).
 
A rule must be configured in the snort rules files that fire
the plugin when the defined condition is reached.
 
I need some help to test and optimize this software, adding
features like encrypted communication between client and server,
and some others that can be practical for the project.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SnortBlock.tgz
Type: application/x-gzip
Size: 4045 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040526/ae12f401/attachment.bin>


More information about the Snort-users mailing list