A proof-of-concept project, started to put ModSecurity into sniffer mode with Snort Inline capability, so that a packet is dropped once it matches an attack signature. The payload should therefore never get to the target or reach the 5th layer and above. (Isn't that so?)
The installation procedure is the usual one:
$ make
$ make install   # you may need sudo
After installation, the module binaries should be in $SNORT_DIR/lib/snort_dynamicpreprocessor, and Snort loads them automatically at its next start.
Looking for collaboration
- To port the ModSecurity Engine into the preprocessor
- Build a CRS parser
- Trigger Snort Inline capability
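A possible starting point for the CRS parser item above, added here as an example and not code from this project: a C routine that splits one ModSecurity SecRule line into variables, operator and actions, and reports whether the rule is disruptive, which is the decision an inline drop would depend on. The sec_rule type and the function names are hypothetical. It assumes backslash-continued lines are already joined, ignores chained rules, and treats block as disruptive.

```c
#include <stdlib.h>
#include <string.h>

typedef struct {     /* hypothetical type for this example, not a ModSecurity or Snort struct */
    char variables[128], op[256], actions[512];
    long id;         /* -1 until an id action is seen */
    int  disruptive; /* 1 if actions include deny, drop or block */
} sec_rule;

/* Copy the next field: a bare word or a "quoted string" with \" escapes. */
static const char *next_field(const char *p, char *out, size_t cap)
{
    size_t n = 0;
    while (*p == ' ' || *p == '\t') p++;
    if (*p == '\0') return NULL;
    int quoted = (*p == '"');
    p += quoted;
    while (*p && (quoted ? *p != '"' : (*p != ' ' && *p != '\t'))) {
        if (quoted && p[0] == '\\' && p[1] == '"') p++;  /* unescape \" */
        if (n + 1 >= cap) return NULL;                   /* field too long */
        out[n++] = *p++;
    }
    if (quoted && *p++ != '"') return NULL;              /* unterminated quote */
    out[n] = '\0';
    return p;
}

/* Parse one joined line: SecRule VARIABLES "OPERATOR" "ACTIONS". 0 = ok, -1 = rejected. */
int parse_secrule(const char *line, sec_rule *r)
{
    char kw[16], acts[512];
    const char *p = next_field(line, kw, sizeof kw);
    if (!p || strcmp(kw, "SecRule") != 0) return -1;
    if (!(p = next_field(p, r->variables, sizeof r->variables))) return -1;
    if (!(p = next_field(p, r->op, sizeof r->op))) return -1;
    if (!next_field(p, r->actions, sizeof r->actions)) return -1;
    r->id = -1; r->disruptive = 0;
    strcpy(acts, r->actions);                  /* same size as r->actions, cannot overflow */
    char *tok = acts, *c = acts;
    for (int inq = 0, more = 1; more; c++) {
        if (*c == '\'') inq = !inq;            /* commas inside msg:'a,b' do not split */
        if (*c != '\0' && (*c != ',' || inq)) continue;
        more = (*c != '\0');
        *c = '\0';
        while (*tok == ' ') tok++;
        if (!strncmp(tok, "id:", 3)) r->id = strtol(tok + 3 + (tok[3] == '\''), NULL, 10);
        else if (!strcmp(tok, "deny") || !strcmp(tok, "drop") || !strcmp(tok, "block"))
            r->disruptive = 1;                 /* assumption: block counts as disruptive */
        tok = c + 1;
    }
    return r->id >= 0 ? 0 : -1;                /* rules without an id are rejected */
}
```

A rule that parses with disruptive set to 1 is a candidate for an inline drop; everything else would only alert or pass.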
Documentation (?)
Any suggestions (?)
GPLv3 License. Copyright (c) 2015 Fakhri Zulkifli. See License.