Request patch application



  • Fox IT patch to add detection of Quantuminsert attacks to snort.

    https://github.com/fox-it/quantuminsert/tree/master/detection/snort



  • I prefer to wait until the patches are accepted into upstream (that is, accepted by the Cisco/Sourcefire guys).  Once they accept them, they will then find their way into the FreeBSD port of Snort.  I use the FreeBSD port for the Snort package on pfSense.

    Bill


  • Hi!

    Would it be possible to describe how to apply this patch "by hand" to make it work until the NSA eeeehhh CISCO has approved the patch?

    Kind regards!

    chemlud



  • You have to modify the source code for the Snort binary and recompile.  But the way binaries currently work on pfSense is through PBI packages, so you also need a compiler environment that can produce a compatible PBI.  You would then install that PBI on pfSense.

    This is beyond what most folks have ready access to.

    Bill


  • …including myself. Pity!

    But thanks a lot for stopping by and explaining to the noobs :-)

    kind regards

    chemlud



  • Jim Thompson speaks about QI integration on his blog entry on https://blog.pfsense.org/?p=1724

    Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.



  • @somosane:

    Jim Thompson speaks about QI integration on his blog entry on https://blog.pfsense.org/?p=1724

    Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.

    I won't try to speak for Jim, but my guess is the answer to your question depends on whether or not QI detection is merged into the FreeBSD port of Snort before it makes it into upstream.  If or when that might happen, I have no idea.  I do know that pfSense likes to stay in sync to the maximum extent possible with FreeBSD ports.

    Bill

