> I ended up just tossing the regex since it's useless for IPv6 addresses.
> I wish Windows had a built-in shell util for validating any IP address.

I had considered tossing it too. But I hate to lose even basic validation. I had also considered using Python or just writing a simple C# utility to validate using the IPAddress.Parse() library call, but that might be overkill.

> I wonder if this is something specific to Windows 2012 as I've got it
> working for windows 7. I haven't gotten around to testing with 2012
> yet.

I'm wondering myself, I am working my way through the MacOS active response today and I can't get agent_control -b x.x.x.x -f resp -u xxxx to work on the Mac same as my Win X. Although, tests against the Unix hosts work flawlessly. Since I haven't had an SSH scan since I configured and restarted everything I can't see if a real event will trigger a response like it does on my Win X hosts. I can't believe I am actually hoping for an attack to test the response... :}

Now you have me curious... I am having one of our server guys spin me up a 2012 instance to bang on it, so I can see if there is a consistent pattern here.

... I am probably going to go through the source at this point, I'm still not convinced it's a bug yet though... I'm still in the early stages of wrapping my brain around it and I may have messed up or missed something somewhere.

> Rather than trying to choose the interface IP I found it simpler to just
> set the gateway to either 0.0.0.0 or :: whichever applies.

I had considered hard coding it too. I might still. It all depends on if I stick with nulling the traffic routes or move to using the Windows and Mac firewall to drop packets. The Windows firewall rules will be persistent and that is not actually advantageous for a number of reasons.
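
Added example, not part of the thread and not OSSEC's own code: one way to replace the dropped regex with a parser-based check that covers IPv4 and IPv6 and picks the null gateway (0.0.0.0 or ::) mentioned above. The function name `null_route_target` and the decision to refuse loopback, unspecified, multicast and scoped addresses are assumptions of this sketch.

```python
import ipaddress

# Null gateways discussed in the thread, keyed by IP version.
NULL_GATEWAY = {4: "0.0.0.0", 6: "::"}


def null_route_target(raw):
    """Validate a source IP handed to an active-response script.

    Returns (normalized_ip, null_gateway) when the value is safe to pass
    to a route command, or None when the script should do nothing.
    """
    # Longest textual IPv6 form is 45 characters; anything else is junk.
    if not isinstance(raw, str) or not raw or len(raw) > 45:
        return None
    # Zone identifiers ("fe80::1%eth0") are refused: they allow arbitrary
    # text after '%' and are meaningless for a remote attacker address.
    if "%" in raw:
        return None
    try:
        # Strict parse: rejects shorthand such as "1" or "1.2", octets
        # above 255, surrounding whitespace and trailing shell text.
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 host it names.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Never null-route addresses that would cut off the host itself.
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        return None
    # str(addr) is the canonical form, so the caller never echoes the
    # raw argument into a command line.
    return str(addr), NULL_GATEWAY[addr.version]


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    for sample in ["203.0.113.7", "2001:0DB8::0001", "::ffff:203.0.113.7",
                   "1", "256.1.1.1", "203.0.113.7 & calc", "127.0.0.1"]:
        print(repr(sample), "->", null_route_target(sample))
```

The caller should pass the returned values to the route command as separate arguments rather than building a single command string from them.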
