[Oisf-users] Flexresp or Active response for windows?

Rich Rumble richrumble at gmail.com
Fri May 9 17:01:44 UTC 2014


On Thu, May 8, 2014 at 5:54 PM, Rich Rumble <richrumble at gmail.com> wrote:

> I see on the wiki Suricata can work with IPTables, but does it have a
> windows equivalent?
> The modern supported windows OS's actually are configurable via CLI using
> PowerShell, WMIC and Netsh.exe, so the windows firewalls could accept
> commands similar to Iptables, but perhaps not as robust a feature set.
>
> Snort has Flexresp(3) and that works on Linux and Win32 still, it looks
> like Suri may have Flexresp too? (see below)
> https://doxygen.openinfosecfoundation.org/respond-reject-libnet11_8c.html
>
> I have not tried any reset rules like these on Suricata yet but I will when I get a minute:
>
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE:
SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'resp'.
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
error parsing signature "alert tcp 192.168.11.10 any -> any etc...
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE:
SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'resp'.
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
error parsing signature "alert ip any any -> any any ( conte etc...
9/5/2014 -- 12:58:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No
rules loaded from C:\Program Files\Suricata\rules\blocking.rules

Guess that sort of answers that...
I'll see what I can do with trying to find netsh.exe commands that might be
similar to iptables commands.
 -rich
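The errors above show that Suricata does not parse Snort's `resp` keyword at all; Suricata's own active response is the `reject` rule action (the respond-reject code linked in the quoted message), which sends a TCP RST or ICMP unreachable rather than touching a firewall. For the host-firewall side that Rich says he will look into, the following script is an added example, not code from this thread or from the Suricata project. It reads Suricata's fast.log and turns the source address of each alert into a Windows Firewall block rule, the netsh.exe counterpart of `iptables -A INPUT -s <ip> -j DROP`. It assumes the default one-line fast.log format, an elevated PowerShell prompt, a log path you adjust to match suricata.yaml, and that `netsh advfirewall firewall show rule` exits non-zero when no rule matches; the allowlist and sample addresses are constructed.

```powershell
# Added example, not code from the thread or from the Suricata project.
# Turns Suricata fast.log alerts into Windows Firewall block rules via netsh.exe.
# Assumptions: default fast.log line format, elevated PowerShell, $FastLog adjusted
# to the path configured in suricata.yaml.

param(
    [string]$FastLog = 'C:\Program Files\Suricata\log\fast.log',  # assumed path
    [switch]$Follow,   # keep reading as Suricata appends (Get-Content -Wait)
    [switch]$DryRun    # print the netsh commands instead of running them
)

# Addresses that must never be blocked automatically (constructed list).
# Alert source addresses can be spoofed, so an unattended blocker without an
# allowlist can be steered into cutting off its own gateway or management hosts.
$NeverBlock = @('127.0.0.1', '::1', '192.168.11.1', '192.168.11.10')

# Default fast.log line, constructed sample:
# 05/09/2014-12:58:25.123456  [**] [1:2000001:1] TEST RULE [**] [Classification: Misc] [Priority: 3] {TCP} 10.0.0.5:4444 -> 192.168.11.10:80
$AlertPattern = '\[\*\*\]\s+\[(?<sid>\d+:\d+:\d+)\]\s+(?<msg>.+?)\s+\[\*\*\].*\{(?<proto>\w+)\}\s+(?<src>[0-9A-Fa-f:.]+):\d+\s+->\s+(?<dst>[0-9A-Fa-f:.]+):\d+'

function ConvertFrom-FastLogLine {
    # Parse one fast.log line into an object; returns nothing for lines that do not match.
    param([Parameter(Mandatory)][string]$Line)
    if ($Line -match $AlertPattern) {
        [pscustomobject]@{
            Sid = $Matches['sid']; Msg = $Matches['msg']; Proto = $Matches['proto']
            Src = $Matches['src']; Dst = $Matches['dst']
        }
    }
}

function Test-BlockRuleExists {
    param([Parameter(Mandatory)][string]$Name)
    # Assumption: netsh exits non-zero ("No rules match the specified criteria.")
    # when the name is unknown; verify this on the target OS. On Windows 8/2012+
    # the cmdlet equivalent is Get-NetFirewallRule -DisplayName $Name.
    & netsh advfirewall firewall show rule name="$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Add-SuricataBlockRule {
    param(
        [Parameter(Mandatory)][string]$RemoteIp,
        [switch]$DryRun
    )
    if ($NeverBlock -contains $RemoteIp) {
        Write-Warning "skipping allowlisted address $RemoteIp"
        return
    }
    $name = "Suricata-Block-$RemoteIp"   # no spaces, so netsh needs no quoting
    if (-not $DryRun -and (Test-BlockRuleExists -Name $name)) { return }

    # iptables: -A INPUT -s <ip> -j DROP   ==>   netsh: dir=in action=block remoteip=<ip>
    # (Windows 8/2012+ cmdlet form: New-NetFirewallRule -DisplayName $name
    #  -Direction Inbound -Action Block -RemoteAddress $RemoteIp)
    $netshArgs = @('advfirewall', 'firewall', 'add', 'rule',
                   "name=$name", 'dir=in', 'action=block', "remoteip=$RemoteIp")
    if ($DryRun) { Write-Output ('netsh ' + ($netshArgs -join ' ')); return }
    & netsh @netshArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Error "netsh failed for $RemoteIp" }
}

# Run the loop only when invoked as a script, not when dot-sourced for its functions.
if ($MyInvocation.InvocationName -ne '.') {
    $seen = @{}                              # block each source address once per run
    $readArgs = @{ Path = $FastLog }
    if ($Follow) { $readArgs['Wait'] = $true; $readArgs['Tail'] = 0 }
    Get-Content @readArgs | ForEach-Object {
        $alert = ConvertFrom-FastLogLine -Line $_
        if (-not $alert -or $seen.ContainsKey($alert.Src)) { return }
        $seen[$alert.Src] = $true
        Write-Output "alert $($alert.Sid) '$($alert.Msg)' from $($alert.Src) -> blocking"
        Add-SuricataBlockRule -RemoteIp $alert.Src -DryRun:$DryRun
    }
}
```

Run it first with `-DryRun` to see the exact `netsh advfirewall firewall add rule` lines it would issue, then with `-Follow` to react to new alerts as Suricata writes them. Rules created this way never expire; pair it with a scheduled cleanup (`netsh advfirewall firewall delete rule name=Suricata-Block-<ip>`) and keep the allowlist current, since a rule that fires on a spoofed or shared source address otherwise turns the IDS into a tool for blocking legitimate traffic.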