Snort mailing list archives
Re: external internet/process calls from a preprocessor
From: Jason <security () brvenik com>
Date: Sat, 15 Apr 2006 08:42:07 -0400
David, You may have better luck with this request on the snort-devel list. David Cann wrote:
I've got snort 2.4.4 running inline on a dedicated box, and I'm trying to use the gethostbyname() function to make a simple DNS call when a set of criteria is true. This code is contained in a preprocessor which otherwise works fine. When the criteria are satisfied, the DNS call invariably fails to work; it doesn't time out, it just fails outright, as if it has no access to the internet. Running the exact same code in a standalone program outside of Snort, works fine. So my backup idea was to invoke a standalone program each time the criteria is met, and pass arguments back and forth. This doesn't seem to work either, it's as if snort disallows such functionality, even when running in daemon mode. I admit I am a terrible, novice C programmer. But can anybody provide some insight into either A) snort not being able to make DNS calls from a preprocessor, or B) snort not invoking an external process and passing arguments?
snort deliberately does not use name resolution in the critical path for performance reasons. There should be nothing preventing the use of it though.
Thanks in advance, --Dave ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- external internet/process calls from a preprocessor David Cann (Apr 14)
- Re: external internet/process calls from a preprocessor Jason (Apr 15)