[Snort-users] Sticky-drop

Joel Esler joel.esler at ...1935...
Wed Dec 7 16:13:02 EST 2005


I'm not familiar with Snort-inline.  I'll stay out of this one ;)

J



On Dec 7, 2005, at 6:52 PM, Will Metcalf wrote:

> We are hoping to have snort_inline-2.4.3 out before the end of the
> year....  Below is a link to an RC from last month sometime.  There
> are about three people who work on snort_inline on a consistent basis.
>  A lot of the time real life stuff gets in the way of us getting
> releases out, as we work on this just for fun. See the
> snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more
> information on sticky-drop.
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=1349079&group_id=78497&atid=553469
>
> Regards,
>
> Will
> On 12/7/05, Patrick Walsh <pwalsh at ...13543...> wrote:
>>>>     Any thoughts on how I can get my hands on or learn more about
>>>> sticky-drop?
>>> I think you are talking about sdrop?
>>
>>         I'm familiar with sdrop.  My question is in response to this post from
>> Will earlier today:
>>
>>> sticky-drop in snort-inline can do this.  You could probably
>>> accomplish the same thing with Snortsam In InlineMode(); but I haven't
>>> tried it.
>>
>>         By which I assume that sticky-drop drops the connection and also drops
>> future connections from the target IP.
>>
>>         And then there's this posting by Will from 3/30/05:
>>
>>> The IPS functionality drops or rejects individual packets, unless you
>>> are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
>>> tell it otherwise.
>>
>>         I did find some related preprocessor files in the
>> snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
>> tree, nor can I find any documentation on exactly what they do or how to
>> make use of them...
>>
>>         Anyone know what this is about or if it works or is supported
>> somewhere?
>>
>> --
>> Patrick Walsh
>> eSoft Incorporated
>> 303.444.1600 x3350
>> http://www.esoft.com/
>>




