Snort mailing list archives
Re: React & Resp keyword working
From: Alberto Gonzalez <albertg () cerebro violating us>
Date: Tue, 31 Dec 2002 03:54:43 -0800
Well, your saying that they *only* listen on the nw g/w. Well snort is meant to run on the network g/w. Doesn't mean you can't have snort running on the internal interface of the gw which the rest of the machines connect to
(HUB scenario)? Hogwash and Snortsam can both do this. Cheers, Alberto Gonzalez Atul Shrivastava wrote:
Dear Alberto,Thx for this. I go through the Snortsam and Hogwash, but they doesn't fullfill my requirement. Actually for Hogwash, I have to put my snort box in a pass-through mode between the internal and external n/w and for Snortsam, it only modifies the rules for some firewall which is again at the gateway of the n/w. Let say some internal guy is doing somethink ill-legal, then these two will not work. Suppose I want that no porson in my internal network will not be able to do FTP within the network if the file contains some specified characters or say logging as "root". So for it Snortsam and Hogwash will not be able to detect and take a action according to that. I want that as this guy initialte such things and when the Snort come to know about this then the connection is blocked automatically and a message is send to the user doing that.Merry Christmas and a fruitful new year ....... Regards and have a nice day, Atul Shrivastava Info Structure Services HCL INFOSYSTEMS LTD. E - 4,5,6 Sector XI, Noida - 201301 Tel: 91-120-2526910,2443013----------------------------------------------------------------------------- Original Message -----From: "Alberto Gonzalez" <albertg () cerebro violating us <mailto:albertg () cerebro violating us>>To: "Atul Shrivastava" <atulsh () hclinsys com <mailto:atulsh () hclinsys com>> Sent: Tuesday, December 31, 2002 1:44 PM Subject: Re: [Snort-users] React & Resp keyword working > If you *haven't* compiled snort with flexresp, i think you can answer > your own question if they will work. > I suggest looking into snortsam for blocking of offending connections. > That or Hogwash will do. You can > use flexresp but I've seen people bork their networks cause of it. I've > played with all three, and my choices > will be hogwash and or snortsam for the job. >> Cheers, > Alberto Gonzalez> > Atul Shrivastava wrote: > > > Hello,> > > > I am quiet keen to know about the keyword "RESP" & "REACT"> > I am working on Snort for a long time and now I need to forcely block > > the connections which are not legal. So for that I need to use these> > two keywords. I have got enough knowledge about these two keywords but> > before going for it, I would like to ask you that I have not compiled > > my snort (./configure) with flexresp. > > So I want to know that whether these rules will work on my machine or > > not. Further you have told that some message be sent to the user fot > > it but it will be available soon. I am using the snort verison 1.9.1. > > Is these facility is available in this verison. > > Please help me in this issue. Thanks in advance.> > > > Merry Christmas and a very happy new year ......> > Regards and have a nice day, > > Atul Shrivastava > > Info Structure Services > > HCL INFOSYSTEMS LTD. > > E - 4,5,6 Sector XI, > > Noida - 201301 > > Tel: 91-120-2526910,2443013> > > > >> > -- > The secret to success is to start from scratch and keep on scratching.>
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- React & Resp keyword working Atul Shrivastava (Dec 30)
- Message not available
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Re: React & Resp keyword working Alberto Gonzalez (Dec 31)
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Message not available