Snort mailing list archives
Attack Detection: Then what
From: "Owais Bin Zuber" <owais_bin_zuber () hotmail com>
Date: Mon, 19 Jan 2004 19:48:06 +0500
Hi, I am trying to implement snort at my network. I have read many documents regarding snort installation and configuration. All the documents tell you that snort will detect the attack, will log it and will send an alert to whatever is configured. The question remains that does snort block the attack itself or leaves this to the administrator. I have read about guardian but discussion on the mailing list revealed that using guardian is not a good idea as it can be used as DoS tool also. My question is that is it possible for snort to send TCP RST packet as a response. Thanks
Current thread:
- Attack Detection: Then what Owais Bin Zuber (Jan 22)
- <Possible follow-ups>
- Re: Attack Detection: Then what M. Morgan (Jan 25)