Snort mailing list archives
Re: Download latest source for barnyard2 (securixlive.com is down)
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 3 Feb 2011 13:29:00 -0500
On Thu, Feb 3, 2011 at 1:18 PM, Jim Hranicky <jfh () ufl edu> wrote:
> On Thu, 3 Feb 2011 12:05:12 -0600 Martin Holste <mcholste () gmail com> wrote:
>
>>> More advanced? Stay tuned in 2011 for BY2.
>>
>> Advanced, as in, I can trivially code custom tasks like to do a lookup to my CMDB as alerts roll in, or <do whatever you want> with alert as it rolls in. Or how about sending an RST?
>>
>> Net::RawIP->new({ip => { saddr => '1.1.1.1', daddr => '2.2.2.2' }, tcp => { source => 1000, dest => 80, rst => 1 }})->send();
>>
>> (Flexresp in Snort has been a nightmare for me.)
>
> I've had to hack on snort a little to get resets to work, starting with a small patch to fix the TTL of 0 I reported a while back. With a couple of other small patches it seems to be working well, and I've sent them into Russ so he can check them out.
>
> I'll be glad to post them if anyone's interested, though they're not official, so use at your own risk, YMMV, etc. They're against 2.9.0.2.
Thanks Jim, we've got them. Trying to get them targeted to a release.
> --
> Jim Hranicky
> IT Security Engineer
> Office of Information Security and Compliance
> University of Florida
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users