Snort mailing list archives
Re: Updated IP Blacklisting patch (version 2)
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 9 Jul 2009 09:37:16 -0400
On Thu, Jul 9, 2009 at 9:34 AM, Eoin Miller<eoin.miller () trojanedbinaries com> wrote:
Seems to work great with the goto's now (thanks!). Very small/non functionality niggle with the output/alerting: Was wondering about this: static void ProcessArgs(char *args){ snprintf(eventstr, STD_BUF, "Access attempt from %s blacklisted IP address", arg); "attempt from" might mean to some the src address is blacklisted. Since iplist fires on both src and dst maybe have something like: snprintf(eventstr, STD_BUF, "Communication with %s blacklisted IP address", arg); Might help thwart some potential confusion down the road.
Good point, I'll make the change. Any stats on CPU usage? Did the gotos or different arrangement result in any savings? Marty -- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 06)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 06)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 09)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 09)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 09)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 09)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 10)
- Re: Updated IP Blacklisting patch (version 2) Martin Roesch (Jul 07)
- Re: Updated IP Blacklisting patch (version 2) Eoin Miller (Jul 06)