[Oisf-users] Flexresp or Active response for windows?

Peter Manev petermanev at gmail.com
Sun May 11 15:23:52 UTC 2014


On Fri, May 9, 2014 at 7:01 PM, Rich Rumble <richrumble at gmail.com> wrote:
> On Thu, May 8, 2014 at 5:54 PM, Rich Rumble <richrumble at gmail.com> wrote:
>>
>> I see on the wiki Suricata can work with IPTables, but does it have a
>> windows equivalent?
>> The modern supported windows OS's actually are configurable via CLI using
>> PowerShell, WMIC and Netsh.exe, so the windows firewalls could accept
>> commands similar to Iptables, but perhaps not as robust a feature set.
>>
>> Snort has Flexresp(3) and that works on Linux and Win32 still, it looks
>> like Suri may have Flexresp too? (see below)
>> https://doxygen.openinfosecfoundation.org/respond-reject-libnet11_8c.html
>>
>> I have not tried any reset rules like these on Suricata yet but I will
>> when I get a minute:
>
> 9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)]
> - unknown rule keyword 'resp'.
> 9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
> error parsing signature "alert tcp 192.168.11.10 any -> any etc...
> 9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)]
> - unknown rule keyword 'resp'.
> 9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
> error parsing signature "alert ip any any -> any any ( conte etc...
> 9/5/2014 -- 12:58:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules
> loaded from C:\Program Files\Suricata\rules\blocking.rules
>
> Guess that sort of answers that...
> I'll see what I can do with trying to find netsh.exe commands that might be
> similar to iptables commands.
>  -rich


Thank you Rich
PowerShell 4.0 has a ton of native/default/built-in modules, might be
worth having a look too...

-- 
Regards,
Peter Manev
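Since Suricata has no `resp` keyword (its own in-rule active response is the `reject` action, the libnet-based code Rich linked, not Snort's `resp`), a Windows-side equivalent of "Suricata plus iptables" is to react to alerts out of band: read the EVE JSON log and add Windows Firewall block rules through the NetSecurity module Peter points at. The script below is an added example, not code from this thread or from the Suricata project. It assumes the documented eve.json field layout (`event_type`, `src_ip`, `alert.signature_id`), and the log path, the SIDs chosen for blocking, the allow-list and the rule-name prefix are hypothetical choices for illustration. The four sample alert lines are constructed so the script runs offline; when the real log exists it reads that instead.

```powershell
# Added example (not from the thread or the Suricata project): turn Suricata
# EVE JSON alerts into Windows Firewall block rules with the NetSecurity
# module (Windows 8 / Server 2012 and later, PowerShell 3.0+).
# Run from an elevated shell; use -DryRun to see what would be blocked.
param(
    [string]$EveLog = 'C:\Program Files\Suricata\log\eve.json',  # assumed path
    [int[]]$BlockOnSid = @(2000001, 2000002),                     # hypothetical SIDs
    [string[]]$NeverBlock = @('192.168.11.1', '127.0.0.1'),       # hypothetical mgmt hosts
    [switch]$DryRun
)

# Constructed sample alerts (one JSON object per line, as eve.json writes them).
$sampleLines = @(
    '{"timestamp":"2014-05-09T12:58:25.000000+0000","event_type":"alert","src_ip":"192.168.11.10","src_port":51234,"dest_ip":"192.168.11.20","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000001,"rev":1,"signature":"LOCAL SMB scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2014-05-09T12:58:26.000000+0000","event_type":"flow","src_ip":"192.168.11.10","dest_ip":"192.168.11.20","proto":"TCP"}',
    '{"timestamp":"2014-05-09T12:58:27.000000+0000","event_type":"alert","src_ip":"192.168.11.1","src_port":1025,"dest_ip":"192.168.11.20","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000002,"rev":1,"signature":"LOCAL SSH brute force","category":"Attempted Administrator Privilege Gain","severity":1}}',
    '{"timestamp":"2014-05-09T12:58:28.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"192.168.11.20","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000001,"rev":1,"signature":"LOCAL SMB scan","category":"Attempted Information Leak","severity":2}}'
)

# Pick the source IPs that triggered a blocking SID, skipping the allow-list.
# Returns a hashtable: ip -> "sid: signature" (first hit wins, so one rule per IP).
function Get-BlockCandidates {
    param([string[]]$Lines, [int[]]$Sids, [string[]]$Allow)
    $seen = @{}
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # A partially written last line in a live log is not valid JSON: skip it.
        try { $ev = $line | ConvertFrom-Json } catch { continue }
        if ($ev.event_type -ne 'alert') { continue }
        if ($Sids -notcontains [int]$ev.alert.signature_id) { continue }
        if ($Allow -contains $ev.src_ip) { continue }   # never lock out management hosts
        if (-not $seen.ContainsKey($ev.src_ip)) {
            $seen[$ev.src_ip] = "$($ev.alert.signature_id): $($ev.alert.signature)"
        }
    }
    return $seen
}

# Add one inbound block rule for a source address, idempotently.
# netsh equivalent of the New-NetFirewallRule call:
#   netsh advfirewall firewall add rule name="Suricata-Block-<ip>" dir=in action=block remoteip=<ip>
function Add-BlockRule {
    param([string]$Ip, [string]$Reason, [switch]$WhatIfOnly)
    $name = "Suricata-Block-$Ip"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        return "exists:    $name"
    }
    if ($WhatIfOnly) { return "would add: $name ($Reason)" }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -RemoteAddress $Ip -Profile Any -Description $Reason | Out-Null
    return "added:     $name"
}

$lines = if (Test-Path -LiteralPath $EveLog) { Get-Content -LiteralPath $EveLog } else { $sampleLines }
$candidates = Get-BlockCandidates -Lines $lines -Sids $BlockOnSid -Allow $NeverBlock
foreach ($ip in $candidates.Keys) {
    Add-BlockRule -Ip $ip -Reason $candidates[$ip] -WhatIfOnly:$DryRun
}
```

On the constructed sample, 192.168.11.10 and 10.0.0.5 get rules, the flow record is ignored, and 192.168.11.1 is spared by the allow-list. Two caveats a practitioner would want: this is after-the-fact blocking (the first packets already got through, unlike an inline `reject`), and the rules persist until you remove them, so pair it with a scheduled `Remove-NetFirewallRule -DisplayName 'Suricata-Block-*'` or an expiry check, or a spoofed source address in a triggering packet becomes a permanent denial of service against whoever it claims to be.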


