Re: [Snort-users] Detection Plug-Ins

At 06:37 PM 12/12/2004, Adam Cavaliere wrote:
>Hello,
>
>I am reading through the Syngress book, Snort 2.1. I just finished up
>reading about the Detection plug-ins and am a little worried if this might
>be too much for me. I do not have a lot of experience programming, some
>but not much. So do many people feel that there is a need to write your
>own detection plugin, or are there many out there to use?

I'm not aware of anybody that writes their own detection plugins. Perhaps a
few more obscure sites are doing so, but I'm not aware of anyone on this
list ever mentioning that they did write their own plugin. Most just use
the ones that come prebundled with snort.

The only add-on plugin I've seen used, ever, is SPADE, which is a
probability based scan detector. Unfortunately, with the transfer of
Silicon Defense's snort tools to Demarc, the SPADE plugin has fell into
disrepair for a while. Quite unfortunate, as in my experience and opinion,
SPADE is the most powerful tool snort's ever had available to it.
Fortunately, it looks like someone's recently picked back up on it:

http://www.computersecurityonline.com/spade/





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users