Snort IDS Custom Dynamic Preprocessor, Part 1

 

Introduction

This post describes the process of building a custom dynamic preprocessor plugin for the Snort Network Intrusion Detection / Prevention System (IDS / IPS).

Snort is a rules-based IDS. Although Snort rules have a simple structure, the number and variety of options within the Snort rule syntax allow reasonably complex analysis of packets under inspection to be performed. This is fine for situations where the symptoms of the threat being defended against can be