[Snort-users] RE: [Snort-devel] 1.8.4-beta1 feedback?

Smith, Donald Donald.Smith at ...4852...
Tue Feb 5 15:21:09 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff, I believe the static data you're referring to is hardcoded data
because that is what it takes to kill synscan1.5 or 1.6.
A packet from www.microsoft.de on port 80 to port 31337 on the
scanning machine.
I realize this is a little specialized but it would affect a large
number of scanners.
Since a large part of the scanning being done on the net is still
using synscan1.5/1.6 code, I had hoped to get this patch accepted soon.

I did send you two versions. Just to be sure you have the correct
version, I am including the latest version. It is for 1.8.3, not 1.8.4,
and precaches the tcpsyn packet.



Donald.Smith at ...4852... GCIA
QIS/WWN Security
303-226-9939 Office
720-320-1537 cell

> -----Original Message-----
> From: Jeff Nathan [mailto:jeff at ...950...]
> Sent: Tuesday, February 05, 2002 2:42 PM
> To: Smith, Donald
> Cc: 'Jeff Nathan'; Martin Roesch; snort-users; snort-dev
> Subject: Re: [Snort-devel] 1.8.4-beta1 feedback?
> 
> 
> "Smith, Donald" wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Jeff, what happened to the synscan kill code I sent you?
> > Did you reject it for some reason?
> > 
> > Donald.Smith at ...4852... GCIA
> > QIS/WWN Security
> > 303-226-9939 Office
> > 720-320-1537 cell
> 
> Donald,
> 
> I still have the code, thanks for spending the time working on it. 
> As of now it hasn't been integrated into snort due to the use of
> static data used within the proof of concept code as well as our
> desire to simplify and optimize the code.
> 
> We're looking at what can be added to the sp_respond code to try
> and shut down backdoors, etc., but I suspect there will be some debate
> before that is completed.
> 
> -Jeff
> 
> 
> -- 
> http://jeff.wwti.com            (pgp key available)
> "Common sense is the collection of prejudices acquired by age 
> eighteen."
> - Albert Einstein
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8

iQA/AwUBPGBpQkPxB2evAO3MEQLeMgCeKgHj+yx5Xtg4KQ6f4YkGANxrv1AAoNKR
Af9CjbiWbNV+UcYQBHub3DwF
=/g0+
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SNORT_1.8.tar
Type: application/octet-stream
Size: 20480 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020205/74299362/attachment.obj>

