
To: John Draper <lists@webcrunchers.com>
Subject: Re: [Snort-users] [RGSPAM] Re: Is there any documentation showing how to write a snort plugin?
From: Jason Brvenik <jasonb@sourcefire.com>
Date: Sun, 03 Dec 2006 22:25:26 -0500
Cc: Justin Heath <justin.heath@gmail.com>, Snort Users <snort-users@lists.sourceforge.net>, Martin Roesch <roesch@sourcefire.com>

John Draper wrote:
> Justin Heath wrote:
> 
>> Also, you can check the following link for a nearby library
>>
>> http://worldcatlibraries.org/wcpa/isbn/1931836043
> 
> I cannot afford to buy any books right now - I got totally burned by
> my most recent client who owes me money - I hate it when that
> happens, but with all this outsourcing binge going on, I have
> pretty scant choices for jobs these days. Do you know if there are
> any web based references showing the overall structure of a snort
> plugin...

Justin was suggesting you check the book out from your local library.
The link he pasted will tell you where the closest library is with the
book available.

> 
> Is there a Python wrapper for a plugin... boy - now that would be
> most useful.... Do these plugins deploy "callbacks" or are
> there special methods with exact names I have to "subclass"?

Try this link to simplify the process.

http://afrodita.unicauca.edu.co/~cbedon/snort/snort.html

> 
> I've looked at some of these plugins, and they are so completely
> different from each other (in the way they were written), but I see
> little to no commonality between them, other than the spo_
> prefix for the plugin file names...

What you seek is there. Look at templates/* and src/plugbase.*

> 
> Is it possible to write a Python based plugin "wrapper" that deploys
> common "callbacks" into Python?

Sure. Why?

Check here for a Perl detection plugin for an older release of Snort.

http://cerberus.sourcefire.com/~jeff/archives/snort/sp_perl/


> 
> Obviously, I'm going to want to deploy threads for this.... I think!!!
> I just haven't had this experience yet,  and hope to hook up with
> someone on this mailing list working on similar types of things
> so we can share info.

I humbly suggest that you reconsider.

> 
> My project is important to me, because it's going to contribute to
> the detection and eradication of botnets.

I wish you the best in that pursuit. Care to share more detail? I'm
fairly certain there are better ways of achieving what you want.

> 
> John
