[Snort-devel] React with InlineMode

Giacomo Tesio development.comunications at ...2499...
Tue Jun 10 03:27:09 EDT 2008


Actually I didn't know... but asking to my CEO, she said that it's to match
the Decreto Gentiloni which is against the pedo-pornography.

Looking at
http://www.comunicazioni.it/binary/min_comunicazioni/normativa/pedopornografia.pdf,
I could understand that this law create a national center to fight against
online pedophilia by collecting a black list of ip/domains.
Internet providers (like us) have to filter traffic coming from those site /
ips.

To add a value to this legal due, we decided to use Snort as an IPS to
protect our clients from dangerous sites.


The law said that, the users should be alerted about the forbidden content.
So we decided to correct and better integrate the react plugin.



Probably missing the right way to comunicate, I'm tring to understand who's
to send patches to the code and to the documentation.

Is this list the right place?
With some of our test, we found the react a funny/ambitious hack (but with
many little bug I'm fixing).
By integrating it better with the inline mode, we hope to make it really
useful (and it actually will be used, at least from us)


Thanks for your help...


Giacomo Tesio

2008/6/9 Leon Ward <seclists at ...2967...>:

> Off topic:
> What new Italian law?
>
> Cheers
>
> -Leon
>
> On 9 Jun 2008, at 17:12, Giacomo Tesio wrote:
>
> Hello every body!
>
> I'm working to integrate better sp_react.c with inline mode, since we need
> it in IPS mode to match a new italian law.
>
>
> But I've some question:
> - has react:warn ever worked? If not, can I completely drop its code (and
> log a warning where found in a rule)
> - since block is the only basic option, can I consider the default (if not
> given)?
> - there is some arcane reason I'm missing for fixing the tcp data size to
> 1024?
> - where should I send the patch?
>
> By looking at the code, I've found some easy bugs I will fix in the patch
> too (missing TH_ACK, the proxy modifier not working when a port is given).
>
>
> I've also open a topic in the forum some days ago, but with no reply:
> http://www.snort.org/reg-bin/forums.cgi?forum_id=4&topic_id=6050
>
>
>
> Ah... Thanks for your wonderful software! :-D
>
> --
> Giacomo Tesio
> http://www.tesio.it-------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
>
> http://sourceforge.net/services/buy/index.php_______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
>


-- 
Giacomo Tesio
http://www.tesio.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20080610/9a076907/attachment.html>


More information about the Snort-devel mailing list