I am developing a set of rules using genetic algorithms to detect malicious connections. I need to integrate the rules into ntop so that it can alert when a TCP connection matches one of my rules. Basically, here are the attributes. Each attribute can have a potential wild card value.
Duration (Hrs, Min, Sec)
Protocol
Source Port
Destination Port
Source IP xxx.xxx.xxx.xxx
Destination IP xxx.xxx.xxx.xxx

Where would I put my rules into NTOP and how can I generate an alert when a match occurs? Or how can I tap into NTOP's capability of tracking connections in order to create an alerting mechanism? I am looking at the NTOP source now. I am just building Python 2.6 on Debian lenny.

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
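The following is an added example, not code from the post or from ntop, showing how a rule set built from the six attributes listed above (duration, protocol, source port, destination port, source IP, destination IP, each allowing a wildcard) can be matched against connection records to raise alerts. All names (Rule, Connection, evaluate), the "hrs:min:sec" duration syntax, the per-octet IP wildcard, and the sample rules and connections are this example's own assumptions; hooking the matcher into ntop's session tracking is a separate step not shown here.

```python
"""Wildcard rule matcher for TCP connection records (added example, not ntop code)."""
from dataclasses import dataclass
from typing import List, Optional

WILDCARD = "*"


@dataclass(frozen=True)
class Connection:
    """One observed TCP connection; field names are this example's own."""
    duration_sec: int   # total duration in seconds
    protocol: str       # e.g. "tcp"
    src_port: int
    dst_port: int
    src_ip: str         # dotted quad
    dst_ip: str


@dataclass(frozen=True)
class Rule:
    """A detection rule; any field left as "*" matches every value.

    duration is "hrs:min:sec" (e.g. "0:5:0" == 300 s) and means "at least
    this long"; IP fields allow "*" per octet ("10.0.*.*"). Assumed syntax.
    """
    name: str
    duration: str = WILDCARD
    protocol: str = WILDCARD
    src_port: str = WILDCARD
    dst_port: str = WILDCARD
    src_ip: str = WILDCARD
    dst_ip: str = WILDCARD


def parse_duration(spec: str) -> Optional[int]:
    """'hrs:min:sec' -> seconds, or None for the wildcard."""
    if spec == WILDCARD:
        return None
    hrs, mins, secs = (int(part) for part in spec.split(":"))
    return hrs * 3600 + mins * 60 + secs


def ip_matches(pattern: str, ip: str) -> bool:
    """Compare octet by octet; '*' in the pattern matches any octet."""
    if pattern == WILDCARD:
        return True
    pat, octets = pattern.split("."), ip.split(".")
    if len(pat) != 4 or len(octets) != 4:
        return False
    return all(p == WILDCARD or p == o for p, o in zip(pat, octets))


def scalar_matches(pattern: str, value) -> bool:
    """Exact match for protocol/port fields unless the pattern is '*'."""
    return pattern == WILDCARD or str(value) == str(pattern)


def rule_matches(rule: Rule, conn: Connection) -> bool:
    """True when every attribute of the rule matches the connection."""
    min_duration = parse_duration(rule.duration)
    if min_duration is not None and conn.duration_sec < min_duration:
        return False
    return (scalar_matches(rule.protocol, conn.protocol)
            and scalar_matches(rule.src_port, conn.src_port)
            and scalar_matches(rule.dst_port, conn.dst_port)
            and ip_matches(rule.src_ip, conn.src_ip)
            and ip_matches(rule.dst_ip, conn.dst_ip))


def evaluate(rules: List[Rule], conns: List[Connection]) -> List[str]:
    """Return one alert line per (connection, rule) match."""
    alerts = []
    for conn in conns:
        for rule in rules:
            if rule_matches(rule, conn):
                alerts.append(f"ALERT {rule.name}: {conn.protocol} "
                              f"{conn.src_ip}:{conn.src_port} -> "
                              f"{conn.dst_ip}:{conn.dst_port} ({conn.duration_sec}s)")
    return alerts


# Constructed sample rules and connections; not real traffic or real rules.
SAMPLE_RULES = [
    Rule("long-lived-to-ext-23", duration="0:5:0", protocol="tcp",
         dst_port="23", src_ip="10.0.*.*"),
    Rule("any-to-blocked-host", dst_ip="203.0.113.7"),
]

SAMPLE_CONNS = [
    Connection(900, "tcp", 51234, 23, "10.0.1.5", "198.51.100.9"),   # rule 1
    Connection(30, "tcp", 51235, 23, "10.0.1.5", "198.51.100.9"),    # too short
    Connection(5, "tcp", 40000, 443, "172.16.0.2", "203.0.113.7"),   # rule 2
    Connection(700, "tcp", 2222, 23, "192.168.1.1", "203.0.113.7"),  # rule 2 only
]

if __name__ == "__main__":
    for line in evaluate(SAMPLE_RULES, SAMPLE_CONNS):
        print(line)
```

Running the block prints three alerts for the four constructed connections: the second is dropped by the duration floor, and the fourth misses the first rule because its source address lies outside 10.0.*.*. A wildcard in every field would match every connection, so a rule set produced by a genetic algorithm should be checked for such degenerate rules before it is used for alerting.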
