joel.esler at ...1935...
Wed Dec 7 16:13:02 EST 2005
I'm not familiar with Snort-inline. I'll stay out of this one ;)
On Dec 7, 2005, at 6:52 PM, Will Metcalf wrote:
> We are hoping to have snort_inline-2.4.3 out before the end of the
> year.... Below is a link to an RC from last month sometime. There
> are about three people who work on snort_inline on a consistent basis.
> A lot of the time real life stuff gets in the way of us getting
> releases out, as we work on this just for fun. See the
> snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more
> information on sticky-drop.
> On 12/7/05, Patrick Walsh <pwalsh at ...13543...> wrote:
>>>> Any thoughts on how I can get my hands on or learn more about
>>> I think you are talking about sdrop?
>> I'm familiar with sdrop. My question is in response to
>> this post from
>> Will earlier today:
>>> sticky-drop in snort-inline can do this. You could probably
>>> accomplish the same thing with Snortsam In InlineMode(); but I
>>> tried it.
>> By which I assume that sticky-drop drops the connection
>> and also drops
>> future connections from the target IP.
>> And then there's this posting by Will from 3/30/05:
>>> The IPS functionality drops or rejects induvidual packets, unless
>>> are using the sticky-drop preprocessor from snort_inline-2.3.0-
>>> RC1 and
>>> tell it otherwise.
>> I did find some related preprocessor files in the
>> snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
>> tree, nor can I find any documentation on exactly what they do or
>> how to
>> make use of them...
>> Anyone know what this is about or if it works or is supported
>> Patrick Walsh
>> eSoft Incorporated
>> 303.444.1600 x3350
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (GNU/Linux)
>> -----END PGP SIGNATURE-----
> This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users