Snort mailing list archives
Re: Proffesional Opinions ---wanted
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 4 Sep 2002 14:51:41 -0700 (PDT)
On Wed, 4 Sep 2002, Tim wrote:
Just wanted to get some opinions from people with experience with FLEXRESP. I have been toiling with the idea of jumping in and configuring snort with this option in order to manage some of the attacks.
IMHO, not-so-useful. It works, but due to the way tcp/ip works, it's not that much use on low-latency links. If you have high latency, then it might work for you.
I did re-compile snort with the flexresp option this time, ( curiosity got the better of me ). I made sure to install libnet before I did so. Which went fine...no errors. But I'm not sure if after running ./configure --enable-flexresp if I was supposed to run make and make install again. Any comments or insights to the installation process?
./configure --enable-flexresp && make && make install Each time you change the compile time options, you _have_ to recompile snort.
What do you all think....is flexresp worth the effort? What are the pros and cons to this little utility? Your opinions are appreciated....TIA
*sigh* I can see you're trying to stir up trouble! ;-) Flexresp is 'useful' in ways, but not in others. IMHO, a NIDS should _never_ block or reset connections. That's the job of the firewall. Now, that's my _opinion_. A lot of folks use Flexresp with good results and are happy with it. I don't use it, but that doesn't mean it isn't useful. Try using it. Define a rule top reset any connections to a web site and then try to browse it. If it dies, then you should be good to go. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Proffesional Opinions ---wanted Tim (Sep 04)
- Re: Proffesional Opinions ---wanted Erek Adams (Sep 04)
- Re: Proffesional Opinions ---wanted Matt Kettler (Sep 04)