Re: Libnet v1.1 vs libnet v1.0.2a

[Jeff Nathan <jeff () snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The code is actually in Snort CVS.  A check out of all the current  
code is all you need.

Don't reference anything on my website with respect to sp_respond2  
(flexresp2), it's out of date.

The actions were named differently because I wanted them to be clearer.

- -Jeff

On Nov 29, 2005, at 4:52 PM, TPanaitescu () colorcon com wrote:

> Hi Jeff,
>
> Thanks for the info, I'll play around w/ flexresp2 in the coming  
> days. Are
> there any particular patches for 2.4.3 ?
>
> In the mean while, I have read some of the documentation on
> http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/  
> regarding
> flexresp2 and I've noticed that the resp:<action> are slightly  
> different
> than the ones in flexresp. Is it a particular reason for those  
> differences
> ? I guess that it would be easier for the us (lazy) snort admins to  
> just
> use the current rules w/ the flexresp actions without any need to  
> change
> them - even if it is not a complicated thing ... :-P Just my .02
>
> Thanks and regards,
> Tudor
>
>
>
>
>
>              Jeff Nathan
>              <jeff () snort org>
>              Sent  
> by:                                                   To
>              snort-users-admin         TPanaitescu () colorcon com
>               
> @lists.sourceforg                                          cc
>              e.net                     snort- 
> users () lists sourceforge net
>                                                                     
> Subject
>                                        Re: [Snort-users] Libnet  
> v1.1 vs
>              11/29/05 03:57 PM         libnet v1.0.2a
>
>
>
>
>
>
>
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Checkout snort's source code from CVS and use flexresp2 instead of
> flexresp.  You won't need libnet 1.0.2 at all in that case.
>
> - -Jeff
>
> On Nov 22, 2005, at 4:26 PM, TPanaitescu () colorcon com wrote:
>
> > Hi,
> >
> > Is it any way around the limitation for libnet v1.0.2a in building
> > snort v
> > 2.4.3 with flexresp ? The reason I am asking is that I am running  
> > in a
> > strange situation when I need syslog-ng with spoof capabilities which
> > requires libnet >= v1.1 but, on the same machine, snort requires
> > libnet
> > v1.0.2a.
> >
> >
> >
> > TIA,
> > Tudor
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
> > Register for a JBoss Training Course.  Free Certification Exam
> > for All Training Attendees Through End of 2005. For more info visit:
> > http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> - --
> http://cerberus.sourcefire.com/~jeff       (DSA key id 6923D3FD)
> "I want to know God's thoughts... the rest are details."   - Albert
> Einstein
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
>
> iD8DBQFDjMDaEqr8+Gkj0/0RArVPAKC1dx7vwI3wBMOQZLql8mGoC9dHjACglXJh
> xK3/Lfqx5eJDa2XDHeCbVbQ=
> =SktB
> -----END PGP SIGNATURE-----
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD  
> SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


- --
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2005   http://www.pacsec.jp


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDjOBDEqr8+Gkj0/0RAupvAJ0dFJ9E+hT2W+O37WKaLvQmj8VXnQCgsinq
CCUa+giznpTHbFcM9hD0bRk=
=6gvQ
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users