[Snort-users] Download latest source for barnyard2 (securixlive.com is down)

Russ Combs rcombs at ...1935...
Thu Feb 3 13:29:00 EST 2011


On Thu, Feb 3, 2011 at 1:18 PM, Jim Hranicky <jfh at ...5250...> wrote:

> On Thu, 3 Feb 2011 12:05:12 -0600
> Martin Holste <mcholste at ...11827...> wrote:
>
> > > More advanced?
> > > Stay tune in 2011 for BY2.
> > >
> >
> > Advanced, as in, I can trivially code custom tasks like to do a lookup
> > to my CMDB as alerts roll in, or <do whatever you want> with alert as
> > it rolls in.  Or how about sending an RST?
> > Net::RawIP->new({ip => { saddr => '1.1.1.1', daddr => '2.2.2.2' }, tcp
> > => { source => 1000, dest => 80, rst => 1 }})->send();
> > (Flexresp in Snort has been a nightmare for me.)
>
> I've had to hack on snort a little to get resets to work, starting with
> a small patch to fix the TTL of 0 I reported a while back. With a
> couple of other small patches it seems to be working well, and I've
> sent them into Russ so he can check them out. I'll be glad
> to post them if anyone's interested, though they're not official, so
> use at your own risk, YMMV, etc.
>
> They're against 2.9.0.2 .
>

Thanks Jim, we've got them.  Trying to get them targeted to a release.

>
> --
> Jim Hranicky
> IT Security Engineer
> Office of Information Security and Compliance
> University of Florida
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better
> price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110203/71bf3ca0/attachment.html>


More information about the Snort-users mailing list