Snort mailing list archives

Re: Re: [Snort-devel] Urgent (hopefully not dumb) question:resp:(onses) on which device?


From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 12 Nov 2001 10:57:17 -0500

Yeah, my bad.  I was attempting to speed up the flexresp response time
by precaching the TCP response packets and only filling in needed fields
at "fire time" instead of creating the packet from scratch every time it
was needed.  While it was indeed faster, I forgot to finish up what I
was working on due to the increasing number of distractions I have in my
life (baby, company, snort, etc) and as a result the flexresp code in
1.8.2 was massively broken.  

Anyway, it's fixed in CVS and will be fixed when I officially release
1.8.3 later today.

     -Marty


Chris Green wrote:

"Chr. v. Stuckrad" <stucki () math fu-berlin de> writes:

Hi!

I'm in a hurry to create 'responses' to kill incoming ssh-connections
to some openssh-1.* vulnerable hosts where I have no root-access to,
but snort is reading on eth1 a not-writable mirror-port of a router.
I get no visible responses on the 'normal' interface eth0, so I fear
the responses are on the wrong device (or not generated at all?) ?

Stucki

PS.: I definitely compiled 1.8.2 WITH --enable-flexresponse on my LINUX
     and the rule logs correctly, but so far never 'responds'.

Flexresp is broken in 1.8.2.  Please grab the CVS checkout if you need
to use it. It shouldn't be too long before an official release that
fixes this is done.
--
Chris Green <cmg () uab edu>
This is my signature. There are many like it but this one is mine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org


