Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
From: jeho-park <lin...@gm...> - 2006-03-04 02:27:08
george

i am sorry. i found my figure which i drew in previous mail was broken.
here is new
http://jhpark.guideline.co.kr/data/PROJECT/netadm/reference/figure.html

thanks
jeho park

EP8KHA EP8KHA wrote:

> Jeho,
> Can you elaborate a bit more on this portion of your email:
>
> "i think the easiest way which we can make IPS may be the way of
> inserting IPC code in snort or other IDS program. but it has no
> meaning for me or us to continue developing solution. and if so,
> there will be no know-how or enjoyment with such a way."
>
> I'm interested to see where you are going with this. Thanks ^_^
>
> George
>
>> From: "park jeho" <par...@ho...>
>> To: ep...@ho..., Net...@li...
>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>> Date: Fri, 03 Mar 2006 10:04:06 +0900
>>
>> hi george ~
>>
>> i am satisfied with the way you go on.
>> i think that as you continue reading over the code of snort or
>> others, you can draw a blueprint of interface which allows current
>> gwc to access IDS engine and alarm to packet filter module in gwc.
>>
>> i am not sure whether this interface will be some kind of daemon in
>> our source tree or independent library functions.
>>
>> i think the easiest way which we can make IPS may be the way of
>> inserting IPC code in snort or other IDS program. but it has no
>> meaning for me or us to continue developing solution. and if so,
>> there will be no know-how or enjoyment with such a way.
>>
>> so i hope you propose a frame of library functions and, if it is
>> needed, an additional system which uses these functions.
>>
>> i will continue waiting for your research.
>>
>> regard
>> jeho park
>>
>>> From: "EP8KHA EP8KHA" <ep...@ho...>
>>> To: Net...@li...
>>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>>> Date: Thu, 02 Mar 2006 18:04:27 -0500
>>>
>>> Hi netadm group,
>>> I've been looking over the code for snort. So far I've dissected the
>>> initialization portion of snort. For those who want to look over the
>>> code, this is a great guide to help understand how the code is laid
>>> out: http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html
>>>
>>> From what I've seen, all we're doing is initializing the engine and
>>> giving it rules to process the packets. Getting the engine to work
>>> alongside our program may not be too bad, since initializing
>>> the engine is just one function call and getting the engine to do
>>> what we want is mainly giving the engine a set of rules. However,
>>> there are several issues I'm going to try to root out in the next
>>> few days:
>>> 1) How does the engine actually receive rulesets?
>>> 2) How does the engine process packets? I want to look at this more
>>>    in detail.
>>> 3) How do other systems integrate the Snort engine - Great find
>>>    Kwung-Kyung.
>>>
>>> I'm going to skip over the Snort parser, which is used to parse
>>> rules files, to focus more of my time on how to get the rulesets
>>> into the engine. For now I'm going to treat the engine as a black
>>> box and see how we can get the rules into the engine seamlessly. I
>>> think this step will allow us to actually get something tangible to
>>> work with. Afterwards, we can think about tweaking the engine itself
>>> for our purposes. ^_^
>>>
>>> George
>>>
>>>> From: jeho-park <lin...@gm...>
>>>> To: MoonC <bo...@gm...>
>>>> CC: Net...@li...
>>>> Subject: Re: [Netadm-devel] Hi~ Netadm members~ .. some project for ips tools
>>>> Date: Fri, 03 Mar 2006 04:35:38 +0900
>>>>
>>>> hi kwan-kyung
>>>>
>>>> i checked hlbr project and prelude-ids projects.
>>>>
>>>> in these three projects, prelude-ids seems to use snort as its IDS
>>>> engine. is it right ?
>>>> if so, it is what i have looked for ~!. i want you to let me know
>>>> how they integrate with snort ruleset and engine or how they access
>>>> snort engine with their interface frame.
>>>> i think this frame will be most important point in our researching.
>>>> if you find and understand their frame, i think you will have to
>>>> design and implement that.
>>>>
>>>> in hlbr project, it is some awesome because they seem to add route
>>>> code in user layer.
>>>> as far as i know, routing code must be in the kernel layer as our
>>>> pf.c does. ..
>>>>
>>>> i will do more check hlbr code and prelude-ids's.
>>>> it is not to develop by myself but to talk with you about designing
>>>> how this functionality will be integrated with current packet
>>>> prevention module-pf.ko-
>>>>
>>>> if you find more information about these three projects, please let
>>>> me know.
>>>>
>>>> regards
>>>> jeho park
>>>>
>>>> MoonC wrote:
>>>>
>>>>> Hi everyone..
>>>>> I found some ips tools and projects. These projects help us
>>>>> research ips engine.
>>>>> This IPS works Layer2, http://hlbr.sourceforge.net/index-en.html
>>>>> IPS test tool, Tipping Point open..
>>>>> http://tomahawk.sourceforge.net/
>>>>>
>>>>> hybrid open source IDS
>>>>> http://prelude-ids.org/
>>>>>
>>>>> Thanks.
>>>>
>>>> _______________________________________________
>>>> Netadm-devel mailing list
>>>> Net...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/netadm-devel