Snort mailing list archives

RE: [Snort-devel] 1.8.4-beta1 feedback?


From: "Smith, Donald " <Donald.Smith () qwest com>
Date: Tue, 5 Feb 2002 16:11:26 -0700

Jeff, I believe the static data you're referring to is hardcoded data
because that is what it takes to kill synscan1.5 or 1.6.
A packet from www.microsoft.de on port 80 to port 31337 on the
scanning machine.
I realize this is a little specialized but it would affect a large
number of scanners.
Since a large part of the scanning being done on the net is still
using synscan1.5/1.6 code, I had hoped to get this patch accepted soon.

I did send you two versions. Just to be sure you have the correct
version, I am including the latest version. It is for 1.8.3, not 1.8.4,
and precaches the tcpsyn packet.



Donald.Smith () qwest com GCIA
QIS/WWN Security
303-226-9939 Office
720-320-1537 cell

-----Original Message-----
From: Jeff Nathan [mailto:jeff () snort org]
Sent: Tuesday, February 05, 2002 2:42 PM
To: Smith, Donald
Cc: 'Jeff Nathan'; Martin Roesch; snort-users; snort-dev
Subject: Re: [Snort-devel] 1.8.4-beta1 feedback?


"Smith, Donald" wrote:

Jeff, what happened to the synscan kill code I sent you?
Did you reject it for some reason?

Donald.Smith () qwest com GCIA
QIS/WWN Security
303-226-9939 Office
720-320-1537 cell

Donald,

I still have the code, thanks for spending the time working on it. 
As of now it hasn't been integrated into snort due to the use of
static data used within the proof of concept code as well as our
desire to simplify and optimize the code.

We're looking at what can be added to the sp_respond code to try
and shut down backdoors, etc., but I suspect there will be some debate
before that is completed.

-Jeff


-- 
http://jeff.wwti.com            (pgp key available)
"Common sense is the collection of prejudices acquired by age 
eighteen."
- Albert Einstein

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel


Attachment: SNORT_1.8.tar