Security Basics mailing list archives

RE: Can snort cut off connections ?

From: "dbs" <brandon () kungfoo info>
Date: Wed, 14 Jul 2004 14:40:59 -0500

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jaun,
Snort has a feature to let you write "active respone rules".  To
enable this feature use the keywork is 'resp'.  However, there are a
some caveats to be noted.  In order for this to work you my have a
very fast IDS, because enabling this feature will add additional
workload to your IDS.  In addition, you have to compile this feature
in at build time.  This is documented in the snort manual on
www.snort.org.  


Good Luck,
Brandon






Fingerprint:  
AB56 1637 13F5 9FF8 2F0B  7147 F20D 21CB 5728 FEAE

- -----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com]
Sent: Tuesday, July 13, 2004 1:46 AM
To: security-basics () securityfocus com
Subject: Can snort cut off connections ?


Hi,

I heard that It is possible to change snort to be
active and start droping connections based on
predifined roles. is it true ?

thanks


                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

- ----------------------------------------------------------------------
- -----
Ethical Hacking at the InfoSec Institute. Mention this ad and get
$545 off 
any course! All of our class sizes are guaranteed to be 10 students
or less 
to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master
the skills 
of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
- ----------------------------------------------------------------------
- ------


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQPWMSvINIctXKP6uEQLzlACdFqdfnsoMqRM7+jqb/d/r5dI5qdkAn1Xc
oTdrzEEAG89+XQKBW2+BNyB3
=6Otz
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Can snort cut off connections ? Juan B (Jul 13)
- Re: Can snort cut off connections ? Zoran Perkov (Jul 13)
- Re: Can snort cut off connections ? Dan Daggett (Jul 13)
- RE: Can snort cut off connections ? Jason Haith (Jul 13)
- RE: Can snort cut off connections ? dbs (Jul 15)
- <Possible follow-ups>
- RE: Can snort cut off connections ? Dave Torre (Jul 13)
- RE: Can snort cut off connections ? Jordan, Jason D. "Dallas" (Jul 13)
- Re: Can snort cut off connections ? Michael Sconzo (Jul 14)