[Snort-devel] React with InlineMode

Steven Sturges steve.sturges at ...402...
Tue Jun 10 08:58:49 EDT 2008


Hi Giacomo--

Yes, please send patches to this list.

There should be a number of developers interested to see your work,
as well as comment on additional features or recommend changes.

Cheers.
-steve

Giacomo Tesio wrote:
> Actually I didn't know... but asking to my CEO, she said that it's to match
> the Decreto Gentiloni which is against the pedo-pornography.
> 
> Looking at
> http://www.comunicazioni.it/binary/min_comunicazioni/normativa/pedopornografia.pdf,
> I could understand that this law create a national center to fight against
> online pedophilia by collecting a black list of ip/domains.
> Internet providers (like us) have to filter traffic coming from those site /
> ips.
> 
> To add a value to this legal due, we decided to use Snort as an IPS to
> protect our clients from dangerous sites.
> 
> 
> The law said that, the users should be alerted about the forbidden content.
> So we decided to correct and better integrate the react plugin.
> 
> 
> 
> Probably missing the right way to comunicate, I'm tring to understand who's
> to send patches to the code and to the documentation.
> 
> Is this list the right place?
> With some of our test, we found the react a funny/ambitious hack (but with
> many little bug I'm fixing).
> By integrating it better with the inline mode, we hope to make it really
> useful (and it actually will be used, at least from us)
> 
> 
> Thanks for your help...
> 
> 
> Giacomo Tesio
> 
> 2008/6/9 Leon Ward <seclists at ...2967...>:
> 
>> Off topic:
>> What new Italian law?
>>
>> Cheers
>>
>> -Leon
>>
>> On 9 Jun 2008, at 17:12, Giacomo Tesio wrote:
>>
>> Hello every body!
>>
>> I'm working to integrate better sp_react.c with inline mode, since we need
>> it in IPS mode to match a new italian law.
>>
>>
>> But I've some question:
>> - has react:warn ever worked? If not, can I completely drop its code (and
>> log a warning where found in a rule)
>> - since block is the only basic option, can I consider the default (if not
>> given)?
>> - there is some arcane reason I'm missing for fixing the tcp data size to
>> 1024?
>> - where should I send the patch?
>>
>> By looking at the code, I've found some easy bugs I will fix in the patch
>> too (missing TH_ACK, the proxy modifier not working when a port is given).
>>
>>
>> I've also open a topic in the forum some days ago, but with no reply:
>> http://www.snort.org/reg-bin/forums.cgi?forum_id=4&topic_id=6050
>>
>>
>>
>> Ah... Thanks for your wonderful software! :-D
>>
>> --
>> Giacomo Tesio
>> http://www.tesio.it-------------------------------------------------------------------------
>> Check out the new SourceForge.net Marketplace.
>> It's the best place to buy or sell services for
>> just about anything Open Source.
>>
>> http://sourceforge.net/services/buy/index.php_______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>>
>>
> 
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel




More information about the Snort-devel mailing list