Snort mailing list archives
Re: snort+FLoP on FreeBSD-5.2.1
From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Fri, 27 Aug 2004 12:40:59 +0200
Hi Thomas,
I post this note because it took me 2 days to set up snort+FLoP+acid on a FreeBSD_5.2.1-p9. The main problem was to get FLoP to compile. Seriously, the "./configure" and autotools probably don't work on FreeBSD the way it is done in this package, which I think was developed and tested on Linux.
Not only, it was tested on FreeBSD-5.1 too. And for me it worked... So which version of FLoP did you try? And more interestingly: What are the problems with configure you get?
I had to trick the "build machinery" with links, deletions in the ./configure script and manual compilation in some /src/ subdirs. A REAL PAIN IN THE FOOT. I think FLoP is a very interesting tool, that's why I went through all this, but I hope we can fix that for future releases.
Yes, I will fix the problems as soon as I can localize them. So could you please send the problems with configure/make/... or wherever you have problems?
Now I'll try if it runs stable. I have already detected some problems when flooding the FLoP port 1234 with arbitrary SYN, or X-MAS'es. The server-side "servsock" crashed (or was it sockserv?? It should be renamed to sflop and cflop for simplicity, I think).
Interesting idea. Maybe I should really rename the programs. But the basic naming idea was

sockserv: creates a socket for snort and forwards all to the central server

servsock: This is the server which feeds the database via a unix socket.

To the flooding problem: This should not happen. But the basic idea was to have a separate network for this communication. One stealth interface for sniffing and one with a dedicated network for reporting.
I have searched this mailing list for FLoP topics and didn't find any, so if someone has had related problems, how did you fix them? Or open a new thread?

FLoP: http://www.geschke-online.de/FLoP/
If I find the time I will set up a machine with FreeBSD-5.2. On my FreeBSD machine (5.1) there is no problem with configure or make, it does all work...

Best regards

Dirk