Re: Snort dropping packages. How to ?

[Alberto Gonzalez <ag-snort () cerebro violating us>]

actually, be careful when playing with resp and react. you might want to 
also take a look at snort-inline(haven't played with it seems cool), or 
hogwash.

hope it helps

   - Albert

Alberto Gonzalez wrote:

> you might want to take a look at 'resp' and or 'react'.
>
> React has the ability to implement flexible reactions for traffic that 
> matches a given snort rule. I guess the main function your looking for 
> is 'block' .
>
> Check section 2.3.22 for Resp and section 2.3.24 for React in the 
> "Snort Users Manual".
>
> hope it helps
>
>    - Albert
>
> armando () hadrion com br wrote:
>
> > Hi Guys,
> >
> > I'm with a doubt in snort, if someone can help me. ;)
> >
> > I have snort.conf using several rules. One of this files is
> > virus.rules, where i only have virus signatures. =]
> >
> > And this rules is working properly when a virus arrive (it detect
> > virus and log).
> >
> > But i like that the snort didn't log only, i like that snort log and
> > drop (delete) the package whith mismatch with a virus signature (based
> > on virus.rules). :))
> >
> > How to do it ??
> >
> > Some idea ??
> >
> > Thkz a lot.
> >
> > Best Regards.
> >
> > [ ]'s

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users