[Snort-users] Download latest source for barnyard2 (securixlive.com is down)

Jim Hranicky jfh at ...5250...
Thu Feb 3 13:18:59 EST 2011


On Thu, 3 Feb 2011 12:05:12 -0600
Martin Holste <mcholste at ...11827...> wrote:

> > More advanced?
> > Stay tuned in 2011 for BY2.
> >
> 
> Advanced, as in, I can trivially code custom tasks like to do a lookup
> to my CMDB as alerts roll in, or <do whatever you want> with alert as
> it rolls in.  Or how about sending an RST?
> Net::RawIP->new({ip => { saddr => '1.1.1.1', daddr => '2.2.2.2' }, tcp
> => { source => 1000, dest => 80, rst => 1 }})->send();
> (Flexresp in Snort has been a nightmare for me.)

I've had to hack on snort a little to get resets to work, starting with
a small patch to fix the TTL of 0 I reported a while back. With a 
couple of other small patches it seems to be working well, and I've
sent them into Russ so he can check them out. I'll be glad
to post them if anyone's interested, though they're not official, so 
use at your own risk, YMMV, etc. 

They're against 2.9.0.2.

-- 
Jim Hranicky
IT Security Engineer
Office of Information Security and Compliance
University of Florida



