[Snort-users] Download latest source for barnyard2 (securixlive.com is down)

Martin Holste mcholste at ...11827...
Thu Feb 3 13:05:12 EST 2011


> More advanced?
> Stay tuned in 2011 for BY2.
>

Advanced, as in, I can trivially code custom tasks like to do a lookup
to my CMDB as alerts roll in, or <do whatever you want> with alert as
it rolls in.  Or how about sending an RST?
    Net::RawIP->new({
        ip  => { saddr => '1.1.1.1', daddr => '2.2.2.2' },
        tcp => { source => 1000, dest => 80, rst => 1 },
    })->send();
(Flexresp in Snort has been a nightmare for me.)

> Perl is nice, but having perl running for a while can also create
> surprises, mainly related to memory usage.
> But if you have enough RAM not to care, I guess it's all kosher.
>

^^
s/perl/any poorly tested program/i

Anyway, the more the merrier--I look forward to your new code.



