[Snort-users] snort+FLoP on FreeBSD-5.2.1
Dirk_Geschke at ...1344...
Fri Aug 27 03:42:06 EDT 2004
> I post this note because it took me 2 days to set up
> snort+FLoP+acid on a FreeBSD_5.2.1-p9.
> The main problem was to get FLoP to compile.
> Seriously, the "./configure" and autotools probably don't work on FreeBSD
> the way it is done in this package, which I think was developed and
> tested on Linux.
Not only, it was tested on FreeBSD-5.1 too. And for me it worked...
So which version of FLoP did you try? And more interestingly:
What are the problems with configure you get?
> I had to trick the "build machinery" with links, deletions in the
> ./configure script and manual compilation in some /src/ subdirs.
> A REAL PAIN IN THE FOOT
> I think FLoP is a very interesting tool, that's why I went through all
> this, but I hope we can fix that for future releases.
Yes, I will fix the problems as soon as I can localize them. So could
you please send the problems with configure/make/... or wherever
you have problems?
> Now I'll try if it runs stable. I have already detected some problems
> when flooding the FLoP port 1234 with arbitrary SYN, or X-MAS'es.
> The server-side "servsock" crashed (or was it sockserv?? should be
> renamed to sflop and cflop for simplicity, I think).
Interesting idea. Maybe I should really rename the programs. But
the basic naming idea was
sockserv: creates a socket for snort and forwards all to the
servsock: This is the server which feeds the database via a unix socket.
To the flooding problem: This should not happen. But the basic idea
was to have a separate network for this communication. One stealth
interface for sniffing and one with a dedicated network for reporting.
> I have searched this mailing list for FLoP topics and didn't find any,
> so if someone has had related problems, how did you fix them? Or open
> a new thread?
> FLoP: http://www.geschke-online.de/FLoP/
If I find the time I will set up a machine with FreeBSD-5.2. On my FreeBSD
machine (5.1) there is no problem with configure or make, it does all work...