Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sticky-drop

From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 7 Dec 2005 17:52:59 -0600
We are hoping to have snort_inline-2.4.3 out before the end of the
year....  Below is a link to an RC from last month sometime.  There
are about three people who work on snort_inline on a consistent basis.
 A lot of the time real life stuff gets in the way of us getting
releases out, as we work on this just for fun. See the
snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more
information on sticky-drop.

http://sourceforge.net/tracker/index.php?func=detail&aid=1349079&group_id=78497&atid=553469

Regards,

Will
On 12/7/05, Patrick Walsh <pwalsh () esoft com> wrote:

    Any thoughts on how I can get my hands on or learn more about
sticky-drop?

I think you are talking about sdrop?


        I'm familiar with sdrop.  My question is in response to this post from
Will earlier today:


sticky-drop in snort-inline can do this.  You could probably
accomplish the same thing with Snortsam In InlineMode(); but I haven't
tried it.


        By which I assume that sticky-drop drops the connection and also drops
future connections from the target IP.

        And then there's this posting by Will from 3/30/05:


The IPS functionality drops or rejects induvidual packets, unless you
are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
tell it otherwise.


        I did find some related preprocessor files in the
snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
tree, nor can I find any documentation on exactly what they do or how to
make use of them...

        Anyone know what this is about or if it works or is supported
somewhere?

--
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBDl3DyAhJNUdTnc2gRAvEzAKCcfx67wOjBWKiUztno4zeElJgf+wCeLEo3
rz4gVIIAB5J6ZHoQ7fEwpc8=
=6Kme
-----END PGP SIGNATURE-----






-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: