
    Request patch application

    IDS/IPS
      rand4505 last edited by

      Fox-IT patch to add detection of Quantum Insert attacks to Snort.

      https://github.com/fox-it/quantuminsert/tree/master/detection/snort

        bmeeks last edited by

        I prefer to wait until the patches are accepted into upstream (that is, accepted by the Cisco/Sourcefire guys).  Once they accept them, they will then find their way into the FreeBSD port of Snort.  I use the FreeBSD port for the Snort package on pfSense.

        Bill

          2chemlud Banned last edited by

          Hi!

          Would it be possible to describe how to apply this patch "by hand" to make it work until the NSA eeeehhh CISCO has approved the patch?

          Kind regards!

          chemlud

            bmeeks last edited by

            You have to modify the source code for the Snort binary and recompile.  But the way binaries currently work on pfSense is through PBI packages, so you also need a compiler environment that can produce a compatible PBI.  You would then install that PBI on pfSense.

            This is beyond what most folks have ready access to.

            Bill

              2chemlud Banned last edited by

              …including myself. Pity!

              But thanks a lot for stopping by and explaining it to the noobs :-)

              kind regards

              chemlud

                Guest last edited by

                Jim Thompson speaks about QI integration in his blog entry at https://blog.pfsense.org/?p=1724

                Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.

                  bmeeks last edited by

                  @somosane:

                  Jim Thompson speaks about QI integration in his blog entry at https://blog.pfsense.org/?p=1724

                  Will the pfSense Snort packages have QI detection before upstream integration? Not sure how to interpret the blog post.

                  I won't try to speak for Jim, but my guess is the answer to your question depends on whether or not QI detection is merged into the FreeBSD port of Snort before it makes it into upstream.  If or when that might happen, I have no idea.  I do know that pfSense likes to stay in sync to the maximum extent possible with FreeBSD ports.

                  Bill
