Hello,

I have to deploy a Snort based intrusion prevention system.

I am a total newbie in this, so any kind of help or references for starters would be highly appreciated.

Also, the Snort documentation talks about the Honeynet Snort Inline Toolkit, but the available link to it is returning 404. I checked on Honeynet but couldn't find it.

Also, I read in the documentation that custom plugins can be written for Snort too; is there any Java library for that?

Please help.

Thanks in advance

Ashish

+2  A: 

Plugins can only be developed in C as of now and are fairly undocumented. The SnortSP platform is supposed to make this easier. It's currently in beta and can be downloaded here.

Now, you don't mention why you would like to write a plugin; maybe all you need are rules, which are thoroughly documented in the user manual. There are also tools that can output Snort rules from the logs of an attack, like Nebula.

Vinko Vrsalovic
OK, I was able to deploy Snort IDS (Intrusion Detection System) on my Fedora 10 virtual machine on a Sun VirtualBox, but my requirement is to deploy Snort in IPS (Intrusion Prevention System) mode, and I am still facing difficulty with it (like being unable to drop, reject or sdrop packets according to defined rules); Snort doesn't identify my reject and sdrop rules.
Ashish
Problem solved, able to deploy Snort in IPS mode; there was some problem in the installation methods that I was following.
Ashish