Friday, April 14, 2006

Snort and its variants

I haven't been playing with any other Snort variants lately after tinkering with Snort ClamAV. It's time to actually make a move and try out interesting stuff. A while ago I heard about Snort SPADE, which detects anomalous traffic based on statistical analysis; this project has been revived and is currently under active development. Another interesting project inspired by Snort adds a preprocessor that detects port scans using AI (a neural network). One of my friends is actually researching worm detection using neural network design, so that might be helpful for his research work. You may find these two projects at

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/?cvsroot=SPADE

http://afrodita.unicauca.edu.co/~aarboleda/snort_ai.htm

I compiled both projects on CentOS and got it done in minutes, since there were no errors at all. Then I took a look at the snort-2.6 beta. After downloading the source through CVS, I just ran sh autojunk.sh, then the usual configure, make and make install, and it installed fine. The only part I tweaked at configure time was adding the prefix; for example, when I compiled snort-spade, I ran

shell>./configure --prefix=/usr/local/bin/snort-spade

And for snort-AI

shell>./configure --prefix=/usr/local/bin/snort-AI

And lastly snort-2.6 Beta

shell>./configure --prefix=/usr/local/bin/snort-2.6B

Now I have three different Snort binaries in different directories and can try out any of them separately. I will try to compile them on OpenBSD once I have time.
