Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Sticky-drop

from [Will Metcalf] Network Security [Permanent Link]
Subject: Re: [Snort-users] Sticky-drop
Date: Wed, 7 Dec 2005 17:52:59 -0600 
We are hoping to have snort_inline-2.4.3 out before the end of the
year....  Below is a link to an RC from last month sometime.  There
are about three people who work on snort_inline on a consistent basis.
 A lot of the time real life stuff gets in the way of us getting
releases out, as we work on this just for fun. See the
snort_inline.conf in etc/ and the README.INLINE/ in doc/ for more
information on sticky-drop.

http://sourceforge.net/tracker/index.php?func=detail&aid=1349079&group_id=78497&atid=553469

Regards,

Will
On 12/7/05, Patrick Walsh <pwalsh@esoft.com> wrote:

    Any thoughts on how I can get my hands on or learn more about
sticky-drop?

I think you are talking about sdrop?


        I'm familiar with sdrop.  My question is in response to this post from
Will earlier today:


sticky-drop in snort-inline can do this.  You could probably
accomplish the same thing with Snortsam In InlineMode(); but I haven't
tried it.


        By which I assume that sticky-drop drops the connection and also drops
future connections from the target IP.

        And then there's this posting by Will from 3/30/05:


The IPS functionality drops or rejects induvidual packets, unless you
are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
tell it otherwise.


        I did find some related preprocessor files in the
snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
tree, nor can I find any documentation on exactly what they do or how to
make use of them...

        Anyone know what this is about or if it works or is supported
somewhere?

--
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBDl3DyAhJNUdTnc2gRAvEzAKCcfx67wOjBWKiUztno4zeElJgf+wCeLEo3
rz4gVIIAB5J6ZHoQ7fEwpc8=
=6Kme
-----END PGP SIGNATURE-----






-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&opÌk
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Sticky-drop, Patrick Walsh
Next by Date:  Re: [Snort-users] Sticky-drop, Joel Esler
Previous by Thread:  Re: [Snort-users] Sticky-drop, Patrick Walsh
Next by Thread:  Re: [Snort-users] Sticky-drop, Joel Esler
Indexes:  [Date] [Thread] [Top] [All Lists]