Snort mailing list archives
Re: Updated IP Blacklisting patch (version 2)
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 6 Jul 2009 15:57:09 -0400
On Mon, Jun 22, 2009 at 6:06 PM, Eoin Miller<eoin.miller () trojanedbinaries com> wrote:
Martin Roesch wrote:
Hey everyone,

Is anyone else using this patch able to get the information about which blacklist is being triggered when you are using barnyard? Since the generator is just identified by number 136 and the unified output that goes through barnyard just references the gen-msg.map, it isn't really possible to determine which blacklist triggered the alert. If you use fast/full alerting this patch does indeed work great!

Hi Eoin,

I'd have to think about how to do that, probably the best route is to add a mapping like we do with the rule messages. Of course, then we'd need to assign static numbers to the 3rd party lists or something. Definitely bears thinking about.

Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org