[Snort-users] Sticky-drop

Will Metcalf william.metcalf at ...11827...
Wed Dec 7 15:54:00 EST 2005


We are hoping to have snort_inline-2.4.3 out before the end of the
year....  Below is a link to an RC from last month sometime.  There
are about three people who work on snort_inline on a consistent basis.
 A lot of the time real life stuff gets in the way of us getting
releases out, as we work on this just for fun. See the
snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more
information on sticky-drop.

http://sourceforge.net/tracker/index.php?func=detail&aid=1349079&group_id=78497&atid=553469

Regards,

Will
On 12/7/05, Patrick Walsh <pwalsh at ...13543...> wrote:
> > >     Any thoughts on how I can get my hands on or learn more about
> > > sticky-drop?
> > I think you are talking about sdrop?
>
>         I'm familiar with sdrop.  My question is in response to this post from
> Will earlier today:
>
> > sticky-drop in snort-inline can do this.  You could probably
> > accomplish the same thing with Snortsam In InlineMode(); but I haven't
> > tried it.
>
>         By which I assume that sticky-drop drops the connection and also drops
> future connections from the target IP.
>
>         And then there's this posting by Will from 3/30/05:
>
> > The IPS functionality drops or rejects induvidual packets, unless you
> > are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
> > tell it otherwise.
>
>         I did find some related preprocessor files in the
> snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
> tree, nor can I find any documentation on exactly what they do or how to
> make use of them...
>
>         Anyone know what this is about or if it works or is supported
> somewhere?
>
> --
> Patrick Walsh
> eSoft Incorporated
> 303.444.1600 x3350
> http://www.esoft.com/
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQBDl3DyAhJNUdTnc2gRAvEzAKCcfx67wOjBWKiUztno4zeElJgf+wCeLEo3
> rz4gVIIAB5J6ZHoQ7fEwpc8=
> =6Kme
> -----END PGP SIGNATURE-----
>
>
>




More information about the Snort-users mailing list