[Snortsam-discussion] ISA 2004/2006 Plugins

Chris McLeod Chris.McLeod at cityofthornton.net
Thu Aug 14 12:57:42 EDT 2008 

All

 

I was perusing the archives of this list and found an post describing
success using the snort-sam plugin for ISA 2004/2006. I am interested in
getting any information I can about this (I believe .dll's and a readme
were mentioned). The poster was Mark Clift and the entire email is
listed below.

 

Thanks in advance,

 

Chris McLeod

Network Services Manager

City of Thornton

9500 Civic Center Drive

(303) 538-7633

 

Hello All,
 
It has been a long time since I have posted to this list but I have been
watching for any question regarding the ISA 2004/2006 plugin. 
 
I have in the past worked on the ISA 2004 plug and wanted to give an
update on it. 
 
The plugin I see is part of the current CVS 2.54 and I am happy to
report that it still compiles without issue and the code is compatible
with ISA 2006. All that is needed is to use the proper DLL when making.
 
I have several Snort 2.8.0.2 compiled and running on several windows
based IDSs (I know most probably cringe) communicating with SnortSam on
both ISA 2004 and 2006 firewalls utilizing the latest CVS 2.54 build.
 
Speaking of the public CVS the 2.54 version has a small typo in the file
supporting ISA 2000 - ssp_isa.cpp. The path to the contrib folder has
the path to the 2004 contrib subfolder path instead of the needed 2000
contrib folder path.
 
Line 47 reads - #import "..\\contrib\\isa2004\\msfpccom.dll"
no_namespace
Should read -   #import "..\\contrib\\isa2000\\msfpccom.dll"
no_namespace 
 
I have some DLLs and built binaries and more importantly a README for
the plugin I would like to share with the project. The current code
remains the same (except adding an additional line for the 2006 contrib
folder path) so no changes there. If Matt or Frank could let me know
more about how to get those to you please let me know. 
 
I will continue to watch the list in case someone is interested in using
the plugin and needs help. 
 
Thank you.
 
Best Regards,
 
Mark P. Clift
 
716.447.7000 office
716.332.0060 direct
 
mark.clift at usitek.com
<http://lists.snortsam.net/mailman/listinfo/snortsam-discussion> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.snortsam.net/pipermail/snortsam-discussion/attachments/20080814/8f5cb087/attachment.html

More information about the Snortsam-discussion mailing list