From: James B. <jl...@bo...> - 2006-04-24 04:00:16
So still no MacOS X support? :-(

James.

On 24/04/2006, at 1:48 PM, snort-inline-users-re...@li... wrote:

> Send Snort-inline-users mailing list submissions to
> sno...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
> or, via email, send a message with subject or body 'help' to
> sno...@li...
>
> You can reach the person managing the list at
> sno...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-inline-users digest..."
>
> Today's Topics:
>
> 1. Release: snort_inline-2.4.4-final (Will Metcalf)
>
> --__--__--
>
> Message: 1
> Date: Sun, 23 Apr 2006 10:43:11 -0500
> From: "Will Metcalf" <wil...@gm...>
> To: snort-inline-users <sno...@li...>
> Subject: [Snort-inline-users] Release: snort_inline-2.4.4-final
>
> List,
>
> You thought it would never happen......
> We had our doubts as well.......
> But we have finally released something that doesn't have the RC
> designation behind it....
> Now Victor can stop bugging me and we can start porting to 2.6.0 w00t!
>
> Below is that change log, as always take a look at the README.INLINE
> and snort_inline.conf in the source file for more info.
>
> Changes: And I thought we would always be a release behind SF ;-)
> Fixed stickydrop to work with tracking rules. Added insert_before
> option to bait-and-switch so that it would add the NAT rules via "-I"
> instead of "-A". Updated snort_inline.conf and README.INLINE
>
> Go get the latest release from
>
> http://snort-inline.sourceforge.net/download.html
>
> Regards,
>
> Will
>
> --__--__--
>
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
> End of Snort-inline-users Digest
From: James B. <jl...@bo...> - 2006-04-24 05:12:32
Thanks Will.

I allowed Nick to SSH into my machine to try and get it working under Mac OS X. Unfortunately the latency was too high for him to be very productive on it.

On 28/10/2005, at 2:54 PM, Nick Rogness wrote:

> On the status of running snort_inline on Mac OS X:
>
> There appears to be a problem with MacOS and mangling the packet in
> inline mode. Snort_inline is working and passing packets OK through the
> firewall...it just appears that there is something wrong with the
> packets after inline inspects them.
>
> Also, rejects cause bus errors (which is bad!). Yeh, it compiles, but it
> doesn't work.

This is what he said on 30 Jan 2006 on this list:

"I am working on Mac OS X and will likely be a patched version of 2.4.3. If anyone has SSH access to a Mac that I can build on, it would speed this process along. Email me privately at ni...@ro... if you will let me use your machine to test on."

Unfortunately I have pretty meager programming skills, so I can't contribute to the code itself. If I can help in any other way I would.

If I use QoS on my switch would that help reduce the latency? Or is it just because we are on the wrong side of the world? I've doubled our upload speed since Nick had his last attempt. If we can get SSH working acceptably I'd be happy to grant access to my computer if that would help.

Regards,

James.

On 24/04/2006, at 2:51 PM, Will Metcalf wrote:

> Nick Rogness was working on it but unfortunately he won't be able to
> do any coding for a while. I don't have a MacOSX box, and neither do
> Dave or Victor. You want to build support for MacOS X be my guest,
> let me know when you get a patch together and we will be sure to
> include it.
>
> Regards,
>
> Will
From: Amit B. <ab...@an...> - 2006-04-25 03:41:46
Hi all,

I am having a project deadline pretty soon and have stumbled into a fundamental issue here.

Scenario: I am trying to rewrite/"replace" the entire data field of an ICMP packet with 0's. There isn't an "any" wildcard for the content keyword, so I thought that I will check for the data field filled by different OS's and I figured out they are always the same. So now my plan was to use something like:

content: !"whatever garbage filled by different OS's"; replace "000..."

But this doesn't seem to work.

Now what I want to know is: can I overwrite the data field of an ICMP packet when I get it anyhow?

Responses highly appreciated!!

Thanks a lot,
Amit
From: Will M. <wil...@gm...> - 2006-04-25 12:14:47
You're not taking a class with John Smith are you? You have to replace the content match with exactly the same amount of data. It would be rather trivial to write a preproc to do what you are trying to accomplish, i.e. if string xyz is not the first three bytes of payload, create new buff of payload size, fill with crap, replace payload packet->p with newly generated one, calculate new checksum, call InlineReplace();

Regards,

Will

On 4/24/06, Amit Bagree <ab...@an...> wrote:
> Hi all,
> I am having a project deadline pretty soon and have stumbled into a fundamental issue here.
>
> Scenario: I am trying to rewrite/"replace" the entire data field of an ICMP packet with 0's. There isn't an "any" wildcard for the content keyword, so I thought that I will check for the data field filled by different OS's and I figured out they are always the same. So now my plan was to use something like:
>
> content: !"whatever garbage filled by different OS's"; replace "000..."
> But this doesn't seem to work.
>
> Now what I want to know is: can I overwrite the data field of an ICMP packet when I get it anyhow?
>
> Responses highly appreciated!!
>
> Thanks a lot,
> Amit
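The preprocessor Will sketches, reduced to its core as an added example that is not snort_inline's own code: check the leading bytes of the ICMP data field, zero the field in place at the same length (the constraint the replace keyword imposes), and recompute the ICMP checksum so the rewritten packet is not discarded downstream. The hand-off into the live packet via InlineReplace() is left out; `scrub_icmp_payload`, `sample_echo` and the constructed echo request are this example's own names and data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICMP_HDR_LEN 8  /* type, code, checksum, identifier/sequence */
/* RFC 1071 one's-complement checksum over the whole ICMP message.
 * Run over a message that already carries its checksum, it returns 0. */
uint16_t icmp_checksum(const uint8_t *msg, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((msg[i] << 8) | msg[i + 1]);
    if (i < len)                         /* odd trailing byte, zero padded */
        sum += (uint32_t)(msg[i] << 8);
    while (sum >> 16)                    /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Rewrite the checksum field (bytes 2-3) after the data field changed. */
static void put_checksum(uint8_t *msg, size_t len)
{
    msg[2] = msg[3] = 0;                 /* field must be zero while summing */
    uint16_t c = icmp_checksum(msg, len);
    msg[2] = (uint8_t)(c >> 8);
    msg[3] = (uint8_t)(c & 0xff);
}
/* Zero the data field in place unless it begins with `keep` (the bytes the
 * rule would let through). Returns 1 if modified, 0 if left alone, -1 on a runt. */
int scrub_icmp_payload(uint8_t *msg, size_t len, const uint8_t *keep, size_t keep_len)
{
    if (len < ICMP_HDR_LEN)
        return -1;
    size_t data_len = len - ICMP_HDR_LEN;
    if (keep && keep_len <= data_len && memcmp(msg + ICMP_HDR_LEN, keep, keep_len) == 0)
        return 0;
    memset(msg + ICMP_HDR_LEN, 0, data_len);   /* same length: no resize */
    put_checksum(msg, len);
    return 1;
}
/* Constructed sample: 16-byte echo request whose data field is "abcdefgh". */
size_t sample_echo(uint8_t *buf)
{
    static const uint8_t hdr[ICMP_HDR_LEN] = { 8, 0, 0, 0, 0x12, 0x34, 0, 1 };
    memcpy(buf, hdr, ICMP_HDR_LEN);
    memcpy(buf + ICMP_HDR_LEN, "abcdefgh", 8);
    put_checksum(buf, 16);
    return 16;
}
```

The scrub only ever touches bytes after the 8-byte header, so an IP-layer checksum is unaffected; only the ICMP checksum has to be refreshed.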
From: Will M. <wil...@gm...> - 2006-04-24 04:51:15
Nick Rogness was working on it but unfortunately he won't be able to do any coding for a while. I don't have a MacOSX box, and neither do Dave or Victor. You want to build support for MacOS X be my guest, let me know when you get a patch together and we will be sure to include it.

Regards,

Will

On 4/23/06, James Brown <jl...@bo...> wrote:
> So still no MacOS X support?
>
> :-(
>
> James.
From: Will M. <wil...@gm...> - 2006-04-24 05:01:42
Actually that brings up an interesting point. Anybody have access to an OSX box based on the Intel chipset? If I remember correctly Nick thought a lot of the issues he was running into porting snort_inline to OSX had to do with the architecture differences between x86 and Power. Anybody want to give it a shot and get back to me?

Regards,

Will

On 4/23/06, Will Metcalf <wil...@gm...> wrote:
> Nick Rogness was working on it but unfortunately he won't be able to
> do any coding for a while. I don't have a MacOSX box, and neither do
> Dave or Victor. You want to build support for MacOS X be my guest,
> let me know when you get a patch together and we will be sure to
> include it.
>
> Regards,
>
> Will
>
> On 4/23/06, James Brown <jl...@bo...> wrote:
> > So still no MacOS X support?
> >
> > :-(
> >
> > James.