[Snort-users] few brief w32 questions ...

Jeff Nathan jeff at ...950...
Thu Jun 26 17:38:08 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Wednesday, June 25, 2003 8:16 -0700 Jon Baer <security at ...9153...> 
wrote:

> ok after reading the book here are a few questions i still have:
>
> 1. arp preprocessor, not available on w32 yet?

It is available on Windows.  I verified this just one moment ago.

[...]

> 3. with resp keyword is there anyway to inject a custom packet (either win
> or *nix)?

Right now? No.  In the future?  Perhaps.  Making the packets is easy, 
sending them unfortunately blocks the rest of the system.  Coming up with a 
way to express how a packet should be built within the snort rules language 
isn't something I'm ready to dive into.

> thanks.
>
> - jon
>
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

You're welcome.

- -Jeff

- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE++5HUEqr8+Gkj0/0RAhlZAJ41YoAcMaIseA7fCzNnJcmnw6+GSACdHBFW
KDbxJk/81xRdStknLamq6ds=
=WiS6
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list