[Snort-users] RE: [Snort-devel] 1.8.4-beta1 feedback?
Donald.Smith at ...4852...
Tue Feb 5 15:21:09 EST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Jeff I believe the static data your referring to is hardcoded data
because that is what it takes to kill synscan1.5 or 1.6.
A packet from www.microsoft.de on port 80 to port 31337 on the
I realize this is a little specialized but it would affect a large
number of scanners.
Since a large part of the scanning being
done on the net is still using synscan1.5/1.6 code
I had hoped to get this patch accepted soon.
I did send you two versions. Just to be sure you have the correct
version I am including
the latest version. It is for 1.8.3 not 1.8.4. and precaches the
Donald.Smith at ...4852... GCIA
> -----Original Message-----
> From: Jeff Nathan [mailto:jeff at ...950...]
> Sent: Tuesday, February 05, 2002 2:42 PM
> To: Smith, Donald
> Cc: 'Jeff Nathan'; Martin Roesch; snort-users; snort-dev
> Subject: Re: [Snort-devel] 1.8.4-beta1 feedback?
> "Smith, Donald" wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Jeff, what happened to the synscan kill code I sent you.
> > Did you reject it for some reason?
> > Donald.Smith at ...4852... GCIA
> > QIS/WWN Security
> > 303-226-9939 Office
> > 720-320-1537 cell
> I still have the code, thanks for spending the time working on it.
> As of now it hasn't been integrated into snort due to the use of
> static data used within the proof of concept code as well as our
> desire to simplify and optimize the code.
> We're looking at what can be added to the sp_respond code to try
> and shutdown backdoors, etc but I suspect there will be some debate
> before that is completed.
> http://jeff.wwti.com (pgp key available)
> "Common sense is the collection of prejudices acquired by age
> - Albert Einstein
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 20480 bytes
Desc: not available
More information about the Snort-users