- 06-09-2011 #1 Just Joined!
- Join Date
- Jun 2011
- Posts
- 1
Some very general, basic questions about programs and programming
I'm new to the forums and I hope this is the right place to be posting...
But I guess an outline of what I'm trying to do would be the most helpful.
I have snort installed on a Debian system. And my goal is to
1) Detect an attack (currently it will most likely just be a ping)
2) Redirect the attack to another computer.
I have snort installed, using the Debian install guide from snort.org, and I want to make a program that detects the attack through snort, and then does something else.
Right now it doesn't really matter... it can print something to the terminal. But this will allow the latter part to be implemented later.
But I have no idea where to start. All the programming I've done, I've only created .c files with .h header files, and never anything pumping in data from another program.
I hope this wasn't too confusing.
Thanks!
- 06-10-2011 #2
It depends on how snort outputs its results. If it prints to standard output, then you can pipe that output into your program using a command like snort|mydefence. You then need to write the mydefence program to analyse and react to data from standard input.
"I'm just a little old lady; don't try to dazzle me with jargon!"
- 06-21-2011 #3 Just Joined!
- Join Date
- Jun 2011
- Posts
- 2
Why not merely use a honeypot and jail routine? The honeypot provides an illusion of a massively important server left wide open. The jail routine gaffs the poor sap into thinking your fake server granted them root privilege, yet contains them in an environment you may fully log without risking any damage to any systems. Then, you can pass over the logs to whomever you feel are trustworthy authorities if need be.


