[Snort-devel] Passive Host

Dragos Ruiu dr at ...40...
Fri Jul 20 16:19:30 EDT 2001


<fnord>splay tree<fnord>


On Fri, 20 Jul 2001, anonpoet wrote:
> I'll finish a working patch some time this weekend.  Right now it's
> doing a linear search through the list.  I'm going to put it in a sorted
> list and doing a binary search through it.  There's probably a faster
> way.  I've got it torn apart right now because I'm adding $IIS_SERVERS
> and $APACHE_SERVERS to it.
> 
> jason
> jason at ...506... 
> 
> On 20 Jul 2001 11:32:37 -0700, Dragos Ruiu wrote:
> > Interesting... esp since my new defragger will do target based reassembly.
> > Please send me a copy iof that patch...
> > 
> > How are you storing the host list data?
> > 
> > cheers,
> > --dr
> > 
> > On Fri, 20 Jul 2001, anonpoet wrote:
> > > I'm about half way through writing an extention that allows IP lists to
> > > be changed at runtime.  I'm trying to add some targeted IDS ability to
> > > snort.  So you will be able to write rules like:
> > > 
> > > alert tcp any <> $WINDOWS_BOXEN any
> > > 
> > > and have the values of $WINDOWS_BOXEN be modified by a passive host
> > > identification module at runtime.
> > > 
> > > I'll probably finish up a prototype this weekend or next.  Is anyone
> > > else interested and what features would you like put in?
> > > 
> > > 
> > > Jason Larsen
> > > jason at ...506...
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Snort-devel mailing list
> > > Snort-devel at lists.sourceforge.net
> > > http://lists.sourceforge.net/lists/listinfo/snort-devel
> > -- 
> > Dragos Ruiu <dr at ...9...>   dursec.com ltd. / kyx.net - we're from the future 
> > gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
> > 
> > 
> 
> 
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel
-- 
Dragos Ruiu <dr at ...9...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc




More information about the Snort-devel mailing list