[Snortsam-discussion] ISA 2004/2006 Plugins
Mark Clift
mark.clift at usitek.com
Tue Dec 16 11:19:08 EST 2008
The plugin does work, at least with 2.54. I have some additional
revisions that I have not had time to finalize due to my work schedule.
However I am vacationing through the holidays and beginning of next
year. I will finalize, test with 2.57 and send in during that time. If
you need some assistance in getting this working before early Jan please
feel free to contact me off list and I will see what I can do. I do have
a compiled working version in production both on ISA 2004 Std and 2006
EE and a basic readme for installation.
Sorry for the lengthy delay in getting this done. Work has absorbed all
of my free time.
Thank you.
Best Regards,
Mark P. Clift, MCSE
Vice President
716.447.7000 office
716.332.0060 direct
716.447.0880 fax
mark.clift at usitek.com
US itek, inc.
1720 Military Road, Suite 200
Buffalo, NY 14217
From: snortsam-discussion-bounces at snortsam.net [mailto:snortsam-discussion-bounces at snortsam.net] On Behalf Of Chris McLeod
Sent: Thursday, August 14, 2008 12:54 PM
To: snortsam-discussion at snortsam.net
Subject: [Snortsam-discussion] ISA 2004/2006 Plugins
All
I was perusing the archives of this list and found a post describing
success using the snort-sam plugin for ISA 2004/2006. I am interested in
getting any information I can about this (I believe .dll's and a readme
were mentioned). The poster was Mark Clift and the entire email is
listed below.
Thanks in advance,
Chris McLeod
Network Services Manager
City of Thornton
9500 Civic Center Drive
(303) 538-7633
Hello All,
It has been a long time since I have posted to this list but I have been
watching for any question regarding the ISA 2004/2006 plugin.
I have in the past worked on the ISA 2004 plug and wanted to give an
update on it.
The plugin I see is part of the current CVS 2.54 and I am happy to
report that it still compiles without issue and the code is compatible
with ISA 2006. All that is needed is to use the proper DLL when making.
I have several Snort 2.8.0.2 compiled and running on several Windows
based IDSs (I know most probably cringe) communicating with SnortSam on
both ISA 2004 and 2006 firewalls utilizing the latest CVS 2.54 build.
Speaking of the public CVS the 2.54 version has a small typo in the file
supporting ISA 2000 - ssp_isa.cpp. The path to the contrib folder has
the path to the 2004 contrib subfolder path instead of the needed 2000
contrib folder path.
Line 47 reads - #import "..\\contrib\\isa2004\\msfpccom.dll" no_namespace
Should read - #import "..\\contrib\\isa2000\\msfpccom.dll" no_namespace
I have some DLLs and built binaries and more importantly a README for
the plugin I would like to share with the project. The current code
remains the same (except adding an additional line for the 2006 contrib
folder path) so no changes there. If Matt or Frank could let me know
more about how to get those to you please let me know.
I will continue to watch the list in case someone is interested in using
the plugin and needs help.
Thank you.
Best Regards,
Mark P. Clift
716.447.7000 office
716.332.0060 direct
mark.clift at usitek.com