Snort mailing list archives
Re: Download latest source for barnyard2 (securixlive.com is down)
From: beenph <beenph () gmail com>
Date: Thu, 3 Feb 2011 13:35:05 -0500
On Thu, Feb 3, 2011 at 1:05 PM, Martin Holste <mcholste () gmail com> wrote:
More advanced? Stay tune in 2011 for BY2.Advanced, as in, I can trivially code custom tasks like to do a lookup to my CMDB as alerts roll in, or <do whatever you want> with alert as it rolls in. Or how about sending an RST? Net::RawIP->new({ip => { saddr => '1.1.1.1', daddr => '2.2.2.2' }, tcp => { source => 1000, dest => 80, rst => 1 }})->send(); (Flexresp in Snort has been a nightmare for me.)Perl is nice, but having perl running for a while can also create surprises, mainly related to memory usage. But if you have enough ram not to care i guess its all kosher.^^ s/perl/any poorly tested program/i Anyway, the more the merrier--I look forward to your new code.
From what I understand you would like barnyard to be reactive. This could easily be done with an output plugin; on the other hand, though, you have to consider the response time versus the process: Snort -> unified2 file -> barnyard -> output. Obviously, if you have a specific type of ruleset running in a dedicated snort instance and a dedicated barnyard for this task, this can be more responsive. But the focus mainly is to remove most of the bugs / issues from the existing core and allow people to write dedicated output plugins they find useful. For sure perl can be flexible, but I will stand on my opinion that it's not easy to write efficient perl when it's ultimately looping forever; you have to take a lot of care while doing that, and since most perl is written by hacking in changes, it's usually not built that way.
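Added example, not code from the barnyard2 project or from either poster: a minimal unified2 spool reader in Python that hands each IDS event to an output handler together with its age, which is the Snort -> unified2 -> barnyard -> output delay discussed above. The record layout follows the unified2 legacy IDS event (type 7, 52 bytes, big-endian); the spool bytes and the CMDB-style handler are constructed for illustration.

```python
import struct
import time

# Unified2 record header (type, length) and the legacy IDS event body, all big-endian.
UNIFIED2_IDS_EVENT = 7
RECORD_HDR = struct.Struct("!II")
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")   # 11 x u32, 2 x u16, 4 x u8 = 52 bytes

FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
          "blocked")

def iter_records(buf):
    """Yield (type, payload) for every complete record; stop at a partial tail."""
    off = 0
    while off + RECORD_HDR.size <= len(buf):
        rtype, rlen = RECORD_HDR.unpack_from(buf, off)
        off += RECORD_HDR.size
        if off + rlen > len(buf):
            break          # snort is still writing this record; wait for more bytes
        yield rtype, buf[off:off + rlen]
        off += rlen

def parse_event(payload):
    return dict(zip(FIELDS, IDS_EVENT.unpack_from(payload)))

def dispatch(buf, handler, now=None):
    """Feed each IDS event to handler with its age (seconds since snort logged it)."""
    now = time.time() if now is None else now
    results = []
    for rtype, payload in iter_records(buf):
        if rtype != UNIFIED2_IDS_EVENT or len(payload) < IDS_EVENT.size:
            continue       # packet/extra-data records are not this plugin's concern
        ev = parse_event(payload)
        age = now - (ev["event_second"] + ev["event_microsecond"] / 1e6)
        results.append(handler(ev, age))
    return results

def sample_spool():
    # Constructed spool: one event (sid 1000001, 10.0.0.5:40000 -> 10.0.0.9:80, TCP)
    # logged at 1296758100.5, followed by a truncated packet record (type 2).
    ev = IDS_EVENT.pack(1, 42, 1_296_758_100, 500_000, 1000001, 1, 1, 3, 2,
                        0x0A000005, 0x0A000009, 40000, 80, 6, 0, 0, 0)
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev
            + RECORD_HDR.pack(2, 64) + b"\x00" * 10)

def lookup_handler(ev, age):
    # Stand-in for the CMDB lookup: return the keys an output plugin would query on.
    return (ev["signature_id"], ev["ip_source"], ev["ip_destination"], round(age, 3))
```

Running `dispatch(sample_spool(), lookup_handler)` against a live spool would show the age growing with the time the record spent waiting in the unified2 file before barnyard picked it up.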