[Oisf-devel] SnortSam? (and a big THANK YOU)

Eduardo Meyer dudu.meyer at gmail.com
Wed Sep 1 15:15:50 UTC 2010


On Wed, Sep 1, 2010 at 9:27 AM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> Hi Eduardo. Snortsam is a big part of my production systems as well, I
> understand your predicament.
>
> Distributed blocking is a major part of the IP Reputation task we're
> about to start in phase two development (major kickoff in late September
> after this round of bugfixes).
>
> That'll include a snortsam-like mechanism to allow distributed blocking.
> So the oisf probably won't put the effort into a snortsam plugin port,
> but it's a very feasible thing to do if someone wanted to contribute
> that. The api and the method is relatively simple, I think someone could
> knock that out relatively easily. We'd definitely support it.
>
> Snortsam's value in the interim while we're doing ip rep is that it
> interfaces already with so many firewalls and other devices that can do
> the blocking.
>

Yes, I know you are a current user of SnortSam, and probably the only
one who decently documented it. I'm glad Suricata will have something
natively. I will try to understand the output plugin hooks on Suricata
to find out if I can do any hackery in the meantime. If I have any
success I will post here.

Thanks.

> Matt
>
> On 8/31/10 11:23 PM, Eduardo Meyer wrote:
>> Is anyone planning on a port of the fw_sam output plugin?
>>
>> It's the only missing piece of code for a complete migration from
>> Snort to Suricata.
>>
>> With Suricata I could (finally) use my 8 cores and lower CPU usage
>> from 80% (my boss loves to run top(1) and hates to see such a critical
>> application close to its CPU limit).
>>
>> Running on FreeBSD btw. So, kudos to everyone, this is a big THANK YOU
>> for such a great alternative to Snort; not only about fw_sam.
>>
>
> --
>
> ----------------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> http://www.openinfosecfoundation.org
> ----------------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>



-- 
===========
Eduardo Meyer
personal: dudu.meyer at gmail.com
professional: ddm.farmaciap at saude.gov.br