[Snort-users] Snort Block Plugin.

Nicolas Saurbier Nicolas.Saurbier at ...11686...
Wed May 26 09:06:10 EDT 2004


Hi,

that sounds interessting...

But when I send a faked infected packet with src-ip of eBay.com your software will make the Firewall block eBay?

NIC

> -----Ursprüngliche Nachricht-----
> Von: akhenato at ...11860... [mailto:akhenato at ...11860...]
> Gesendet: Mittwoch, 26. Mai 2004 12:46
> An: Snort List
> Betreff: [Snort-users] Snort Block Plugin.
> 
> 
> Hi, I want to upload a contrib software that integrates with snort.
>  
> Introduction:
> The objetive of this project is the creation of a software
> that can be used to control the IP traffic arriving to a
> server exposed to internet throught a firewall and there
> is an NIDS (snort) detecting attack patterns.
> As the NIDS detect an attack pattern, a rule is fired that
> end with the creation of a filter in the firewall that drop
> the traffic from the source address suspected.
> The NIDS and the firewall are not needed to run on the same
> system.
>  
> Description:
> This software provides a server and a client applications that
> integrates with snort to block any source IP address for a
> specified time. The client must be run on the snort system and
> is a snort plugin. The server must be installed (and running) in
> a system acting as a firewall (where the netfilter rules are applied).
>  
> A rule must be configured in the snort rules files that fire
> the plugin when the defined condition is reached.
>  
> I need some help to test and optimize this software, adding
> features like encrypted communication between client and server,
> and some others that can be practical for the project.
> 
> 

--------------------------------------------
Any e-mail message from Biodata Systems GmbH is sent in good faith but shall neither be binding nor construed as constituting a commitment by Biodata Systems GmbH except where provided for in a written agreement. This e-mail is intended only for the use of the recipient(s) named above. Any unauthorised disclosure, use or dissemination, either in whole or in part, is prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete this e-mail from your system.
--------------------------------------------
 
Biodata Systems GmbH is a specialist manufacturer of Information Security products -This message has been scanned for all known viruses by 'Biodata BIGApplication®'.




More information about the Snort-users mailing list