Snort mailing list archives
Re: Sticky-drop
From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 7 Dec 2005 17:52:59 -0600
We are hoping to have snort_inline-2.4.3 out before the end of the year.... Below is a link to an RC from last month sometime. There are about three people who work on snort_inline on a consistent basis. A lot of the time real life stuff gets in the way of us getting releases out, as we work on this just for fun. See the snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more information on sticky-drop.

http://sourceforge.net/tracker/index.php?func=detail&aid=1349079&group_id=78497&atid=553469

Regards,

Will

On 12/7/05, Patrick Walsh <pwalsh () esoft com> wrote:
Any thoughts on how I can get my hands on or learn more about sticky-drop?

I think you are talking about sdrop?

I'm familiar with sdrop. My question is in response to this post from Will earlier today:

sticky-drop in snort-inline can do this. You could probably accomplish the same thing with Snortsam In InlineMode(); but I haven't tried it.

By which I assume that sticky-drop drops the connection and also drops future connections from the target IP. And then there's this posting by Will from 3/30/05:

The IPS functionality drops or rejects individual packets, unless you are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and tell it otherwise.

I did find some related preprocessor files in the snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3 tree, nor can I find any documentation on exactly what they do or how to make use of them... Anyone know what this is about or if it works or is supported somewhere?

--
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/
Current thread:
- Can I automatically include rules? oink (Dec 06)
- Re: Can I automatically include rules? Will Metcalf (Dec 06)
- Re: Can I automatically include rules? oink (Dec 06)
- Sticky-drop Patrick Walsh (Dec 07)
- Re: Sticky-drop G Ramon Gomez (Dec 07)
- Re: Sticky-drop Will Metcalf (Dec 07)
- Re: Sticky-drop Patrick Walsh (Dec 07)
- Message not available
- Re: Sticky-drop Patrick Walsh (Dec 07)
- Re: Sticky-drop Will Metcalf (Dec 07)
- Re: Sticky-drop Joel Esler (Dec 07)
- Re: Can I automatically include rules? Will Metcalf (Dec 06)