Home page logo
/

snort logo Snort mailing list archives

Graph based IDS
From: Florian Klickermann <florian.klickermann () gmail com>
Date: Fri, 10 May 2013 10:53:03 +0200

Hi,
I'm a new user of snort and I want to develop a graph based IDS module for
it. This graph based module should use the sniffed TCP/IP connections from
snort to check if the connection is new or not.
Therefore I need a Snort Specification document but i cant find it.
I need the following Information for my project:
- Which variable saves the IP address or can I create a rule which sends
all IP connections to a file or a variable?
- Through which API can I include my new module?
- Do I need a new preprocessor for my project?
Thanks in advance!
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
  • Graph based IDS Florian Klickermann (May 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]