Snort OpenAppID hakkında



  • Merhaba,
    İnternette Snort OpenAppID hakkında bir kaç şey okudum , anladığım kadarıyla bu eklentiyle uygulamaların tespiti yapılabiliyor , pfsense te Snort OpenAppID kurup çalıştıran arkadaşlar var ise bilgi ve tecrübelerini paylaşabilirmi.

    Teşekkür ederim.



  • Yeni versiyonda olacak galiba.

    @bmeeks:

    The newest release of Snort (2.9.7.0) now has a cool new Application Detection preprocessor.  This preprocessor can recognize and alert on more than 2400 applications.  I am currently testing this version in my lab and will soon be posting it for the pfSense developers to review and hopefully approve and merge.  Details on the new Application ID feature can be found in this collection of Snort VRT Blog posts:  http://blog.snort.org/search/label/openappid.  For now, you have to create your own rules to use this new preprocessor.  Fortunately creating custom rules is really quite easy.  Some examples can be found in the previous link.  For Snort on pfSense you will be able to enter the rules as "custom rules" on the RULES tab.  So for all those admins out there who want to block Facebook or Twitter or just subcomponent applications, the new App ID feature coming in Snort 2.9.70 just might be your ticket!

    Bill





  • Snort 2.9.7.0 pkg v3.2.1 Update yayınlandı
    OpenAppID ile facebook snort ile blocklanabiliyor.
    indirip kullanabilirsiniz.
    https://forum.pfsense.org/index.php?topic=85591.0


Log in to reply