Netgate Discussion Forum

    Request patch application

      rand4505

      Fox-IT patch to add detection of Quantum Insert attacks to Snort.

      https://github.com/fox-it/quantuminsert/tree/master/detection/snort

        bmeeks

        I prefer to wait until the patches are accepted into upstream (that is, accepted by the Cisco/Sourcefire guys).  Once they accept them, they will then find their way into the FreeBSD port of Snort.  I use the FreeBSD port for the Snort package on pfSense.

        Bill

          2chemlud Banned

          Hi!

          Would it be possible to describe how to apply this patch "by hand" to make it work until the NSA eeeehhh CISCO has approved the patch?

          Kind regards!

          chemlud

            bmeeks

            You have to modify the source code for the Snort binary and recompile.  But the way binaries currently work on pfSense is through PBI packages, so you also need a compiler environment that can produce a compatible PBI.  You would then install that PBI on pfSense.

            This is beyond what most folks have ready access to.

            Bill

              2chemlud Banned

              …including myself. Pity!

              But thanks a lot for stopping by and explaining it to the noobs :-)

              Kind regards

              chemlud

                Guest

                Jim Thompson speaks about QI integration in his blog entry at https://blog.pfsense.org/?p=1724

                Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.

                  bmeeks

                  @somosane:

                  Jim Thompson speaks about QI integration in his blog entry at https://blog.pfsense.org/?p=1724

                  Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.

                  I won't try to speak for Jim, but my guess is the answer to your question depends on whether or not QI detection is merged into the FreeBSD port of Snort before it makes it into upstream.  If or when that might happen, I have no idea.  I do know that pfSense likes to stay in sync to the maximum extent possible with FreeBSD ports.

                  Bill

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.