Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Libnet v1.1 vs libnet v1.0.2a

from [Jeff Nathan] Network Security [Permanent Link]
Subject: Re: [Snort-users] Libnet v1.1 vs libnet v1.0.2a
Date: Tue, 29 Nov 2005 18:11:59 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The code is actually in Snort CVS. A check out of all the current code is all you need.

Don't reference anything on my website with respect to sp_respond2 (flexresp2), it's out of date.

The actions were named differently because I wanted them to be clearer.

- -Jeff

On Nov 29, 2005, at 4:52 PM, TPanaitescu@colorcon.com wrote:


Hi Jeff,

Thanks for the info, I'll play around w/ flexresp2 in the coming days. Are
there any particular patches for 2.4.3 ?

In the mean while, I have read some of the documentation on
http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/ regarding
flexresp2 and I've noticed that the resp:<action> are slightly different
than the ones in flexresp. Is it a particular reason for those differences
? I guess that it would be easier for the us (lazy) snort admins to just
use the current rules w/ the flexresp actions without any need to change
them - even if it is not a complicated thing ... :-P Just my .02

Thanks and regards,
Tudor





Jeff Nathan
<jeff@snort.org>
Sent by: To
snort-users-admin TPanaitescu@colorcon.com
@lists.sourceforg cc
e.net snort- users@lists.sourceforge.net
Subject
Re: [Snort-users] Libnet v1.1 vs
11/29/05 03:57 PM libnet v1.0.2a










-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Checkout snort's source code from CVS and use flexresp2 instead of
flexresp.  You won't need libnet 1.0.2 at all in that case.

- -Jeff

On Nov 22, 2005, at 4:26 PM, TPanaitescu@colorcon.com wrote:


Hi,

Is it any way around the limitation for libnet v1.0.2a in building
snort v
2.4.3 with flexresp ? The reason I am asking is that I am running in a
strange situation when I need syslog-ng with spoof capabilities which
requires libnet >= v1.1 but, on the same machine, snort requires
libnet
v1.0.2a.



TIA,
Tudor



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



- --
http://cerberus.sourcefire.com/~jeff       (DSA key id 6923D3FD)
"I want to know God's thoughts... the rest are details."   - Albert
Einstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDjMDaEqr8+Gkj0/0RArVPAKC1dx7vwI3wBMOQZLql8mGoC9dHjACglXJh
xK3/Lfqx5eJDa2XDHeCbVbQ=
=SktB
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




- --
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2005   http://www.pacsec.jp


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDjOBDEqr8+Gkj0/0RAupvAJ0dFJ9E+hT2W+O37WKaLvQmj8VXnQCgsinq
CCUa+giznpTHbFcM9hD0bRk=
=6gvQ
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Libnet v1.1 vs libnet v1.0.2a, TPanaitescu
Next by Date:  [Snort-users] Any issues with dup packets on snort?, Jason Haar
Previous by Thread:  Re: [Snort-users] Libnet v1.1 vs libnet v1.0.2a, TPanaitescu
Next by Thread:  [Snort-users] Re: Snort-users digest, Vol 1 #5395 - 2 msgs, sarma nmrk
Indexes:  [Date] [Thread] [Top] [All Lists]