Snort mailing list archives
Re: How to make flexresp respond on all existing rules ?
From: Rich Adamson <radamson () routers com>
Date: Thu, 10 Jul 2003 19:33:33 -0600
Yes, you have to edit each rule that you'd like flexresp to respond to, "and" tell flexresp exactly how you want it to respond. Hopefully you've read the archives to know that flexresp can lead you into a false sense of security as not all intruders actually listen for whatever flexresp might be sending. Also, unless you understand exactly how each of your applications/systems might respond to a flexresp packet, you're likely to assume things that aren't correct. Be carefull. ------------------------
Do I manually have to edit all rules that I want a flexresp response for (by inserting the string "resp:rst_all"), or is there a way to make snort make a flexresp response on any alerts (without editing the rules) ?
------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to make flexresp respond on all existing rules ? Bo Jacobsen (Jul 10)
- Re: How to make flexresp respond on all existing rules ? Erek Adams (Jul 10)
- Re: How to make flexresp respond on all existing rules ? Matt Kettler (Jul 10)
- Re: How to make flexresp respond on all existing rules ? Rich Adamson (Jul 10)
- Re: How to make flexresp respond on all existing rules ? Gary Flynn (Jul 10)
- Re: How to make flexresp respond on all existing rules ? Erek Adams (Jul 10)