Project

General

Profile

Actions

Bug #1753

closed

Spoink integration

Added by Ermal Luçi over 13 years ago. Updated about 13 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
08/05/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

For the alert_pf option the snort package needs the spoink code.

This code is not present today on the snort package which makes the alert_pf option not work at all.
Also the spoink code needs improvement to work with pfSense customized pf(4) version.

Actions #1

Updated by chris hamilton over 13 years ago

I'm getting the same error -- however only if I check "Block offenders" (Checking this option will automatically block hosts that generate a Snort alert.)

2.0-RC3 (amd64)
built on Tue Jun 21 23:08:07 EDT 2011

Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"
Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"

Will be :-) when the code is added

Actions #2

Updated by Walter Gomes about 13 years ago

2.0-RC3 (amd64)
built on Wed Aug 24 10:10:33 EDT 2011

same case of hamilton, the error message is displayed only if i enable Block offenders option.
i'll be the first to test the fix :)

Actions #3

Updated by Ermal Luçi about 13 years ago

  • Status changed from New to Feedback

Spoink is now integrated to snort and snort uses 2.9.0.5 port.
Possibly should ping the spoink author about this?

Actions #4

Updated by Walter Gomes about 13 years ago

Thanks to pfsense developers for the new version of snorte with the block offenders working, i've enabled it on my pfsense box and the interface is running, i have no traffic today and tomorrow on my network, so i can't tell if it's working correctly, but at monday i'll see if the infected hosts are being blocked by the pfsense.

Actions #5

Updated by Ermal Luçi about 13 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF