Snort mailing list archives
RE: [Snort-devel] 1.8.4-beta1 feedback?
From: "Smith, Donald " <Donald.Smith () qwest com>
Date: Tue, 5 Feb 2002 16:11:26 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff, I believe the static data you're referring to is hardcoded data because that is what it takes to kill synscan1.5 or 1.6. A packet from www.microsoft.de on port 80 to port 31337 on the scanning machine.

I realize this is a little specialized but it would affect a large number of scanners. Since a large part of the scanning being done on the net is still using synscan1.5/1.6 code I had hoped to get this patch accepted soon.

I did send you two versions. Just to be sure you have the correct version I am including the latest version. It is for 1.8.3, not 1.8.4, and precaches the tcpsyn packet.

Donald.Smith () qwest com GCIA
QIS/WWN Security
303-226-9939 Office
720-320-1537 cell

-----Original Message-----
From: Jeff Nathan [mailto:jeff () snort org]
Sent: Tuesday, February 05, 2002 2:42 PM
To: Smith, Donald
Cc: 'Jeff Nathan'; Martin Roesch; snort-users; snort-dev
Subject: Re: [Snort-devel] 1.8.4-beta1 feedback?

"Smith, Donald" wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeff, what happened to the synscan kill code I sent you? Did you reject it for some reason?
>
> Donald.Smith () qwest com GCIA
> QIS/WWN Security
> 303-226-9939 Office
> 720-320-1537 cell

Donald,

I still have the code, thanks for spending the time working on it. As of now it hasn't been integrated into snort due to the use of static data used within the proof of concept code as well as our desire to simplify and optimize the code. We're looking at what can be added to the sp_respond code to try and shut down backdoors, etc but I suspect there will be some debate before that is completed.

-Jeff

--
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

-----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 iQA/AwUBPGBpQkPxB2evAO3MEQLeMgCeKgHj+yx5Xtg4KQ6f4YkGANxrv1AAoNKR Af9CjbiWbNV+UcYQBHub3DwF =/g0+ -----END PGP SIGNATURE-----
Attachment:
SNORT_1.8.tar
Current thread:
- RE: Re: [Snort-devel] 1.8.4-beta1 feedback? Justin Ferguson (Feb 01)
- <Possible follow-ups>
- RE: [Snort-devel] 1.8.4-beta1 feedback? Smith, Donald (Feb 04)
- Re: [Snort-devel] 1.8.4-beta1 feedback? Jeff Nathan (Feb 05)
- RE: [Snort-devel] 1.8.4-beta1 feedback? Smith, Donald (Feb 05)
- Re: [Snort-devel] 1.8.4-beta1 feedback? Jeff Nathan (Feb 05)