On Mar 24, 2004, Sandy C wrote:

> I'd like to be able to examine the network data, and
> if the data (not the header info) matches certain
> criteria, I want to perform certain actions. It's not
> clear to me what those actions might be yet.

Sounds like you may be looking for an "active response" capability.
Here are three pieces of software that can react based on application
layer data:

snortsam:     http://www.snortsam.net/
fwsnort:      http://www.cipherdyne.org/fwsnort/
snort_inline: http://snort-inline.sourceforge.net/

Deploying such functionality essentially gives the capability to the
network of reconfiguring itself based on signatures that can easily
generate false positives! You have been warned.

--Mike

Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

> --- "John A. Sullivan III"
> <john.sullivan@xxxxxxxxxxxxx> wrote:
> > On Wed, 2004-03-24 at 00:45, Sandy C wrote:
> > > I would like to be able to examine the
> > > data portion of a network packet after matching it.
> > > ..
> > > What is the best way to go about this? Should I be
> > > thinking of writing a target extension?
> > <snip>
> > It depends on what you want to do. What do you want
> > to do with the information?
> > --
> > John A. Sullivan III
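
Added example (not part of the original thread, and not code from snortsam, fwsnort or snort_inline): a sketch of guardrails that limit what a false-positive payload match can do once matches are allowed to trigger blocks. The signature, addresses, thresholds and the `Responder` class are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# All values below are constructed for illustration.
SIGNATURES = {"passwd-read": b"/etc/passwd"}          # payload substring signatures
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/24")]   # own hosts, gateway, DNS
THRESHOLD = 3         # matches needed from one source ...
WINDOW = 60.0         # ... within this many seconds
BLOCK_SECONDS = 300   # blocks expire instead of accumulating forever


class Responder:
    """Hypothetical decision layer between a payload match and a firewall change."""

    def __init__(self):
        self.hits = defaultdict(deque)   # source -> timestamps of recent matches
        self.blocked_until = {}          # source -> expiry time of its block

    def observe(self, src, payload, now):
        """Return 'pass', 'log' or 'block' for one packet payload."""
        if not any(pat in payload for pat in SIGNATURES.values()):
            return "pass"
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK):
            return "log"                 # alert only: never cut off critical hosts
        recent = self.hits[src]
        recent.append(now)
        while now - recent[0] > WINDOW:  # forget matches outside the window
            recent.popleft()
        if len(recent) < THRESHOLD:
            return "log"                 # a single match may be a false positive
        self.blocked_until[src] = now + BLOCK_SECONDS
        return "block"

    def is_blocked(self, src, now):
        """True while a block is active; expired blocks are dropped."""
        until = self.blocked_until.get(src)
        if until is not None and now >= until:
            del self.blocked_until[src]
            until = None
        return until is not None

if __name__ == "__main__":
    r = Responder()
    # Constructed traffic: the second request is benign but still matches.
    for t, data in enumerate([b"GET /index.html", b"GET /docs/etc/passwd-howto.html",
                              b"GET /../../etc/passwd", b"GET /cgi?f=/etc/passwd"]):
        print(t, data, r.observe("192.0.2.7", data, float(t)))
```

Running the decision layer in log-only mode first shows how often benign payloads such as the documentation URL above match before any block is enforced.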