logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

Re: P0F in Snort?: msg#00165

security.ids.snort.bleedingsnort

Subject: Re: P0F in Snort?

Devil's advocate here. Another thing to keep in mind is that
SourceFire owns a number of patents in regards to RNA technology. They
are also being sued by a company over some of the capability within
RNA. Just wanted to bring that up since this is a "dirty" space to
play in right now.

Bammkkkk


On 1/27/07, Jack Pepper <pepperjack-MMNQ1ylbVXZN8Ch2cx6nig@xxxxxxxxxxxxxxxx>
wrote:

Pof in snort: I can write a working POC plugin in a day. Help me
with some design decisions:

Option 1:
POF runs in a standalone mode writing output to a database output.
We should restrict it to the RFC1918 addresses, because our DMZ
servers will be approached by multiple remote hosts with the same
public address. Or we could just "Null-Out" any addresses that give
conflicting results.

Then the snort plug-in will do an OS lookup, similar to Matt's suggestion:
pof: src,is.XP;
or
pof: dest,is.xnix;

Option 2:
POF runs as a preproccessor ? Hmm, I don't like that because POF
needs to capture multiple packets to make a good decision.

Option 3:
??

Help me out here.

jp



-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact: services-MMNQ1ylbVXZN8Ch2cx6nig@xxxxxxxxxxxxxxxx


_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs



--
sguil - The Analyst Console for NSM
http://sguil.sf.net
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: P0F in Snort?, Bamm Visscher
Next by Date:  Re: Stormy P2P bot Sigs -- may be SKYPE ?, Russell Fulton
Previous by Thread:  Re: P0F in Snort?, Jack Pepper
Next by Thread:  Re: P0F in Snort?, tom
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
qnx.openqnx.dev...    gcc.libstdc++.c...    solaris.opensol...    information-ret...    misc.misterhous...    web.catalyst.ge...    apache.webservi...    redhat.release....    hardware.lirc/2...    kernel.autofs/2...    technology.sust...    linux.vdr/2003-...    editors.lyx.gen...    org.user-groups...    netbsd.devel.pk...    xdg.devel/2004-...    version-control...    jakarta.slide.d...    debian.packages...    creativecommons...    ports.ppc.embed...    bug-tracking.bu...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation