article

An example of communication between security tools: iptables - snort

Authors:

Jorge Herrerías Guerrero,

Roberto Gómez CárdenasAuthors Info & Claims

ACM SIGOPS Operating Systems Review, Volume 39, Issue 3

Pages 34 - 43

https://doi.org/10.1145/1075395.1075398

Published: 01 July 2005 Publication History

Get Access

Abstract

Two of the most used tools in the area of computer security are the firewalls and the Intrusion Detection Systems. Both of them fulfill the task for which they were designed for but unfortunately their response to an attack can be limited. The communication of both tools increases the response capacity of the system, but we need a protocol to communicate them. In this paper we present how is to communicate two security tools: snort and Iptables. The communication is based on the Intrusion Detection Message Exchange Format (IDMEF) proposed by the Intrusion Detection Working Group (IDWG).

References

[1]

Beale, Jay, et al. Snort 2.0 Intrusion Detection. Syngress Publishing, 2003.

Digital Library

Google Scholar

[2]

Russell, P. Rusty. Netfilter/iptables. November 2003. <http://www.netfilter.org>

Google Scholar

[3]

Caswell, Brian y Marty Roesch. Snort: The Open Source Network Intrusion Detection System. November 2003. <http://www.snort.org>

Google Scholar

[4]

Curry, David y Hervé Debar. Intrusion Detection Message Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition. January 2003. <http://www.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-10.txt>

Google Scholar

[5]

McAlerney, Joe. IDMEF XML plug in for the Snort IDS. January 2003 <http://www.silicondefense.com/idwg/snort-idmef/>

Google Scholar

[6]

McAlerney, Joe y Adam Migus. Libidmef: C library implementation of the IDMEF XML draft. June 2002 <http://www.silicondefense.com/idwg/libidmef/index.htm>

Google Scholar

[7]

Russell, P. Rusty. Linux iptables HOWTO. September 1999.

Google Scholar

[8]

Andreasson, Oskar. Iptables Tutorial. April 2003.

Google Scholar

[9]

Roesch, Martin y Chris Green. Snort Users Manual. 2003 <http://www.snort.org/docs/writing_rules/>

Google Scholar

[10]

Bace, Rebecca y Peter Mell. "Intrusion Detection Systems". NIST Special Publication. SP800-31 November 2001 <http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf>

Google Scholar

[11]

D Draper, A. HaLevy and D. S. Weld, The Nimble XML Dara Integration System, Proceedings of the 17th International Conference on Data, 2001, pp. 155--160

Digital Library

Google Scholar

Cited By

View all

Jin HXiang GZhao FZou DLi MShi LKim WChoi HWon D(2009)VMFenceProceedings of the 3rd International Conference on Ubiquitous Information Management and Communication10.1145/1516241.1516310(391-399)Online publication date: 15-Feb-2009
https://dl.acm.org/doi/10.1145/1516241.1516310
Gómez RHerrerias JMata E(2005)Using lamport's logical clocks to consolidate log files from different sourcesProceedings of the 5th international conference on Innovative Internet Community Systems10.1007/11749776_11(126-133)Online publication date: 20-Jun-2005
https://dl.acm.org/doi/10.1007/11749776_11

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review

ACM SIGOPS Operating Systems Review Volume 39, Issue 3

July 2005

93 pages

ISSN:0163-5980

DOI:10.1145/1075395

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2005

Published in SIGOPS Volume 39, Issue 3

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
1,349
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Jin HXiang GZhao FZou DLi MShi LKim WChoi HWon D(2009)VMFenceProceedings of the 3rd International Conference on Ubiquitous Information Management and Communication10.1145/1516241.1516310(391-399)Online publication date: 15-Feb-2009
https://dl.acm.org/doi/10.1145/1516241.1516310
Gómez RHerrerias JMata E(2005)Using lamport's logical clocks to consolidate log files from different sourcesProceedings of the 5th international conference on Innovative Internet Community Systems10.1007/11749776_11(126-133)Online publication date: 20-Jun-2005
https://dl.acm.org/doi/10.1007/11749776_11

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Cited By

Index Terms

Recommendations

Managing Security with Snort and IDS Tools

Security power tools

GFI Network Security and PCI Compliance Power Tools

Comments

Published In

Publisher

Publication History

Check for updates

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Managing Security with Snort and IDS Tools

Security power tools

GFI Network Security and PCI Compliance Power Tools

Comments

Information

Published In

Publisher

Publication History

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations