Snort mailing list archives

Previous By Date Next
Previous By Thread Next

ANNOUNCE: flexresp2 (new and improved active response for Snort)

From: Jeff Nathan <jeff () snort org>
Date: Wed, 3 Sep 2003 00:10:20 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At long last I am proud to release flexresp2, the improved version of active response for Snort. 

From the readme file:
***********************
To compensate for the fact that Snort cannot possibly send a TCP reset to the server (or receiving host) before the offending packet reaches the destination, Snort will transmit a minimum of 3 TCP reset packets with shifting TCP ack numbers in an attempt to brute-force the connection into an unusable state.
Flexresp2 will automatically calculate the original TTL when sending a response packet.
Flexresp2 will not respond to TCP packets with the SYN, FIN or RST flag set.
Link-layer active response (crafting complete Ethernet frames) can be used to completely bypass the routing table and force response packets to be sent 
out a specified interface.
TCP reset packets sent by flexresp2 are no longer sent to the sender, only the target system. 
***********************

All the files comprising flexresp2 (sp_respond2) are available here:
http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/

A readme is available here:
http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/ sp_respond2.readme
Please read this readme document carefully. It has been written to help anyone interested in using flexresp2 and details the new features available in this release.
All the files have been MD5 checksummed, a checksum file is available here: 
http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/MD5
A detached PGP signature has been created for all the files. To verify the signatures using GPG, import my public key from the MIT keyserver using the command: 

gpg --keyserver pgp.mit.edu --recv-key 6923D3FD
Once you have obtained my PGP public key, you can verify the integrity of the flexresp2 files using commands resembling the following: 

gpg --verify sp_respond2.diff.gz.asc sp_respond2.diff.gz
Please reference the BUGS file contained with the Snort distribution before reporting any bugs in this software.
Special thanks to Dragos Ruiu, Jed Haile, Jose Nazario, Mike Davis and Chris Reid for all their suggestions and review. 

Enjoy!

- -Jeff

- --
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/VZPkEqr8+Gkj0/0RAr2QAJ4ogu4ATRHx8ZEOxg6ITpcsXGLeoQCfcezT
aAeX9jmZprbE9bEjmT8tV/Q=
=AbZN
-----END PGP SIGNATURE-----



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: