Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
From: EP8KHA E. <ep...@ho...> - 2006-03-03 23:39:37
Jeho,

Can you elaborate a bit more on this portion of your email:

"i think the most easiest way which we can make IPS may be the way of inserting IPC code in snort or other IDS program. but it has no meaning for me or us to continue developing solution. and if so, there will be no know-how or enjoy with such way."

I'm interested to see where you are going with this.

Thanks ^_^
George

>From: "park jeho" <par...@ho...>
>To: ep...@ho..., Net...@li...
>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>Date: Fri, 03 Mar 2006 10:04:06 +0900
>
>hi george ~
>
>i am satisfied with the way you go on
>i think that as you continue reading over the code of snort or others,
>you can draw a blueprint of an interface which allows current gwc to access
>the IDS engine and alarm to the packet filter module in gwc
>
>i am not sure whether this interface will be some kind of daemon in our
>source tree or independent library functions.
>
>i think the most easiest way which we can make IPS may be the way of
>inserting IPC code in snort or other IDS program. but it has no meaning for
>me or us to continue developing solution. and if so, there will be no
>know-how or enjoy with such way.
>
>so i hope you will propose a frame of library functions and, if it is needed,
>an additional system which uses these functions.
>
>i will continue waiting for your research.
>
>regards
>jeho park
>
>>From: "EP8KHA EP8KHA" <ep...@ho...>
>>To: Net...@li...
>>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>>Date: Thu, 02 Mar 2006 18:04:27 -0500
>>
>>Hi netadm group,
>>I've been looking over the code for snort. So far I've dissected the
>>initialization portion of snort. For those who want to look over the
>>code, this is a great guide to help understand how the code is laid out
>>http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html
>>
>>From what I've seen, all we're doing is initializing the engine and giving
>>it rules to process the packets. Getting the engine to work alongside
>>our program may not be too bad, since initializing the engine is just
>>one function call and getting the engine to do what we want is mainly
>>giving the engine a set of rules. However, there are several issues I'm
>>going to try to root out in the next few days:
>>1) How does the engine actually receive rulesets?
>>2) How does the engine process packets? I want to look at this more in
>>detail.
>>3) How do other systems integrate the Snort engine - Great find
>>Kwung-Kyung.
>>
>>I'm going to skip over the Snort parser, which is used to parse rules
>>files, to focus more of my time on how to get the rulesets into the
>>engine. For now I'm going to treat the engine as a black box and see how
>>we can get the rules into the engine seamlessly. I think this step will
>>allow us to actually get something tangible to work with. Afterwards, we
>>can think about tweaking the engine itself for our purposes. ^_^
>>
>>George
>>
>>>From: jeho-park <lin...@gm...>
>>>To: MoonC <bo...@gm...>
>>>CC: Net...@li...
>>>Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>>>Date: Fri, 03 Mar 2006 04:35:38 +0900
>>>
>>>hi kwan-kyung
>>>
>>>i checked hlbr project and prelude-ids projects.
>>>
>>>in these three projects, prelude-ids seems to use snort as its IDS
>>>engine. is it right ?
>>>if so, it is what i have looked for ~!. i want you to let me know how
>>>they integrate with snort ruleset and engine or how they access snort
>>>engine with their interface frame.
>>>i think this frame will be most important point in our researching.
>>>if you find and understand their frame, i think you will have to design
>>>and implement that.
>>>
>>>in hlbr project, it is some awesome because they seem to add route code
>>>in user layer.
>>>as far as i know, routing code must be in the kernel layer as our pf.c
>>>does. ..
>>>
>>>i will do more check hlbr code and prelude-ids's.
>>>it is not to develop by myself but to talk with you about designing how
>>>this functionality will be integrated with current packet prevention
>>>module-pf.ko-
>>>
>>>if you find more information about these three projects, please let me
>>>know.
>>>
>>>regards
>>>jeho park
>>>
>>>MoonC wrote:
>>>
>>>>Hi everyone..
>>>> I found some ips tools and projects. These projects help us to
>>>>research ips engine.
>>>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html
>>>> IPS test tool, Tipping Point open..
>>>>http://tomahawk.sourceforge.net/
>>>>
>>>>hybrid open source IDS
>>>>http://prelude-ids.org/
>>>>
>>>> Thanks.
>>>
>>>_______________________________________________
>>>Netadm-devel mailing list
>>>Net...@li...
>>>https://lists.sourceforge.net/lists/listinfo/netadm-devel