[Snort-devel] Passive Host

anonpoet jason at ...506...
Fri Jul 20 16:11:42 EDT 2001


I'll finish a working patch some time this weekend.  Right now it's
doing a linear search through the list.  I'm going to put it in a sorted
list and doing a binary search through it.  There's probably a faster
way.  I've got it torn apart right now because I'm adding $IIS_SERVERS
and $APACHE_SERVERS to it.

jason
jason at ...506... 

On 20 Jul 2001 11:32:37 -0700, Dragos Ruiu wrote:
> Interesting... esp since my new defragger will do target based reassembly.
> Please send me a copy iof that patch...
> 
> How are you storing the host list data?
> 
> cheers,
> --dr
> 
> On Fri, 20 Jul 2001, anonpoet wrote:
> > I'm about half way through writing an extention that allows IP lists to
> > be changed at runtime.  I'm trying to add some targeted IDS ability to
> > snort.  So you will be able to write rules like:
> > 
> > alert tcp any <> $WINDOWS_BOXEN any
> > 
> > and have the values of $WINDOWS_BOXEN be modified by a passive host
> > identification module at runtime.
> > 
> > I'll probably finish up a prototype this weekend or next.  Is anyone
> > else interested and what features would you like put in?
> > 
> > 
> > Jason Larsen
> > jason at ...506...
> > 
> > 
> > 
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > http://lists.sourceforge.net/lists/listinfo/snort-devel
> -- 
> Dragos Ruiu <dr at ...9...>   dursec.com ltd. / kyx.net - we're from the future 
> gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
> 
> 






More information about the Snort-devel mailing list