Snort mailing list archives
Re: Snort 2.9.0 Now Available
From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 5 Oct 2010 13:09:52 -0400
On Tue, Oct 5, 2010 at 12:33 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 10/5/2010 12:12, Russ Combs wrote:
> > On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42 () windstream net> wrote:
> > > as written above, there is no libnet in use at all in the product i'm working
> > > with... there's no libdnet, either... we've simply never had a need for
> > > either...
> >
> > OK - libnet was only required for inline builds. I'm looking into a change that
> > may obviate dnet for Snort when active response is not configured.
>
> interesting... i assume that "active response" means "inline"?? i also assume
> that "active response" means that snort does the dropping/blocking of unwanted
> traffic and notifies iptables to create drop/block and log rules? how much more
> memory is consumed by snort in inline mode?
This one might be worth your time to dig into a little ... the DAQ README and Snort README.active are a good place to start. There is a lot there and I can't do it justice here, but some responses to the above:

* Active response enables sending TCP resets or ICMP unreachables and is possible in passive or inline mode.
* The DAQ provides more flavors than just pcap or iptables (via NFQ or IPQ). See, for example, afpacket.
* Also, NFQ and IPQ don't update iptables rules; all packets pass through Snort which renders a verdict to the kernel.
> > > > With 2.9.0, you *must* use the DAQ. By default, you will wind up using a pcap
> > > > DAQ, but the DAQ is a separate package that must be installed. This is new for
> > > > 2.9.0.
> > >
> > > ugh! when does the madness end? :lol: i'll have to see if i can hunt up the
> > > archive for that... hopefully it is available at
> > > www.snort.org/ports/snort-current/
> >
> > You can find it here, along with Snort: http://www.snort.org/snort-downloads.
>
> i'd rather find it in a place that is automation and script friendly... that
> webpage link is not :?

This is another issue worth sending to the web site maintainers.

> :? FWIW: luckily enough, DAQ is available at the above location...
> http://www.snort.org/ports/snort-current/daq-0.2.tar.gz
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
> Spend less time writing and rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users