Snort mailing list archives

Re: Download latest source for barnyard2 (securixlive.com is down)


From: Martin Holste <mcholste () gmail com>
Date: Thu, 3 Feb 2011 12:05:12 -0600

More advanced?
Stay tuned in 2011 for BY2.


Advanced, as in, I can trivially code custom tasks like to do a lookup
to my CMDB as alerts roll in, or <do whatever you want> with alert as
it rolls in.  Or how about sending an RST?
use Net::RawIP;
Net::RawIP->new({ ip  => { saddr => '1.1.1.1', daddr => '2.2.2.2' },
                  tcp => { source => 1000, dest => 80, rst => 1 } })->send();
(Flexresp in Snort has been a nightmare for me.)

Perl is nice, but having perl running for a while can also create
surprises, mainly related to memory usage.
But if you have enough RAM not to care, I guess it's all kosher.


^^
s/perl/any poorly tested program/i

Anyway, the more the merrier--I look forward to your new code.
