Snort mailing list archives

Re: Libnet v1.1 vs libnet v1.0.2a

From: TPanaitescu () colorcon com
Date: Tue, 29 Nov 2005 16:52:54 -0500


Hi Jeff,

Thanks for the info, I'll play around w/ flexresp2 in the coming days. Are
there any particular patches for 2.4.3 ?

In the mean while, I have read some of the documentation on
http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/ regarding
flexresp2 and I've noticed that the resp:<action> are slightly different
than the ones in flexresp. Is it a particular reason for those differences
? I guess that it would be easier for the us (lazy) snort admins to just
use the current rules w/ the flexresp actions without any need to change
them - even if it is not a complicated thing ... :-P Just my .02

Thanks and regards,
Tudor




                                                                           
             Jeff Nathan                                                   
             <jeff () snort org>                                              
             Sent by:                                                   To 
             snort-users-admin         TPanaitescu () colorcon com            
             @lists.sourceforg                                          cc 
             e.net                     snort-users () lists sourceforge net   
                                                                   Subject 
                                       Re: [Snort-users] Libnet v1.1 vs    
             11/29/05 03:57 PM         libnet v1.0.2a                      
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Checkout snort's source code from CVS and use flexresp2 instead of
flexresp.  You won't need libnet 1.0.2 at all in that case.

- -Jeff

On Nov 22, 2005, at 4:26 PM, TPanaitescu () colorcon com wrote:


Hi,

Is it any way around the limitation for libnet v1.0.2a in building
snort v
2.4.3 with flexresp ? The reason I am asking is that I am running in a
strange situation when I need syslog-ng with spoof capabilities which
requires libnet >= v1.1 but, on the same machine, snort requires
libnet
v1.0.2a.



TIA,
Tudor



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



- --
http://cerberus.sourcefire.com/~jeff       (DSA key id 6923D3FD)
"I want to know God's thoughts... the rest are details."   - Albert
Einstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDjMDaEqr8+Gkj0/0RArVPAKC1dx7vwI3wBMOQZLql8mGoC9dHjACglXJh
xK3/Lfqx5eJDa2XDHeCbVbQ=
=SktB
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Libnet v1.1 vs libnet v1.0.2a TPanaitescu (Nov 22)
- Re: Libnet v1.1 vs libnet v1.0.2a Dirk Geschke (Nov 22)
  - Re: Libnet v1.1 vs libnet v1.0.2a TPanaitescu (Nov 22)
    - Re: Libnet v1.1 vs libnet v1.0.2a Dirk Geschke (Nov 22)
    - Re: Libnet v1.1 vs libnet v1.0.2a James Lay (Nov 22)
- Re: Libnet v1.1 vs libnet v1.0.2a Jeff Nathan (Nov 29)
  - Re: Libnet v1.1 vs libnet v1.0.2a TPanaitescu (Nov 29)
    - Re: Libnet v1.1 vs libnet v1.0.2a Jeff Nathan (Nov 29)