Streaming Server with Snort

I have been trying to figure out how to configure SNORT with the streaming server option in Mikrotik. I guess Mikrotik supports the TZSP format, but I cannot figure out how to get snort to accept a UDP stream in that format. I have searched for the TZSP format option for SNORT and other such things but have found very little information on this. Can anyone shed some light on this?

Ok, I figured out I use ./trafr -s | in some way, but I don't see how to make snort listen on standard input.


OK GOT IT.

./trafr -s |/usr/sbin/snort -r -

Now I just need to play more with snort..


Thanks

Tim
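For readers wondering what sits between the router's TZSP stream and `snort -r -`, here is an added example (not part of the original posts, and not trafr's own code) that strips the TZSP encapsulation from one UDP payload and wraps the inner Ethernet frame as a pcap record. It assumes the usual TZSP layout of a 4-byte header followed by tagged fields and an END tag; the sample datagram and the function names are constructed for illustration.

```python
import struct

TAG_PADDING, TAG_END = 0x00, 0x01   # the only two tags without a length byte
ENCAP_ETHERNET = 1                  # TZSP encapsulated-protocol value for Ethernet
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

class TZSPError(ValueError):
    """Raised for datagrams that are not well-formed TZSP."""

def decapsulate(datagram: bytes):
    """Return (packet_type, encap_proto, tags, inner_frame) for one TZSP datagram."""
    if len(datagram) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, ptype, proto = struct.unpack_from("!BBH", datagram, 0)
    if version != 1:
        raise TZSPError(f"unsupported TZSP version {version}")
    tags, off = {}, 4
    while True:
        if off >= len(datagram):
            raise TZSPError("tag list has no END tag")
        tag = datagram[off]
        off += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if off >= len(datagram):
            raise TZSPError("tag is missing its length byte")
        length = datagram[off]
        off += 1
        if off + length > len(datagram):
            raise TZSPError("tag value runs past the datagram")
        tags[tag] = datagram[off:off + length]
        off += length
    return ptype, proto, tags, datagram[off:]

def pcap_record(frame: bytes, ts_sec: int = 0, ts_usec: int = 0) -> bytes:
    """Wrap one Ethernet frame in a classic pcap record header."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

# Constructed sample: header, one padding byte, one 2-byte tag, END, then an Ethernet frame.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"
SAMPLE_DATAGRAM = bytes.fromhex("01000001" "00" "290200ff" "01") + SAMPLE_FRAME

if __name__ == "__main__":
    ptype, proto, tags, frame = decapsulate(SAMPLE_DATAGRAM)
    assert proto == ENCAP_ETHERNET
    print(PCAP_GLOBAL_HEADER.hex(), pcap_record(frame).hex())
```

Because the sensor parses whatever arrives on the UDP port, the length checks matter: a malformed or truncated datagram is rejected instead of being forwarded to the IDS as a frame.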

Hi,
I have developed an IDS/IPS system for RouterOS.
It is here : http://sourceforge.net/projects/mt-fw-attack/

You need a linux machine to compile and run it.
It collects syslog messages from your RouterOS device (there are instructions on how to use it) and adds the attackers to an address list which you can use to block them.

Wow, thank you, I will try.

Hi

Has anybody tried this mt-fw-attack package? On which Linux distro? Can somebody help?

Best

Got it! Solved!

Hi

Has anybody implemented this IDS/IPS system?

I installed everything and put in some rules with the remote logging option, but nothing happens.

Does this daemon put the attacker IP address on the router dynamically?

Best

Solved!!

Thanks gkoufoud!

Best

Help, I can't see this daemon put the attacker IP address on the router address list; I can see the attacker IP in the Linux syslog.

thanks a lot

Solved!!

Thanks gkoufoud!

Best