Snort mailing list archives
Re: Flex-Response, anyone using it?
From: James Riden <j.riden () massey ac nz>
Date: Thu, 20 May 2004 13:47:24 +1200
Jason Haar <Jason.Haar () trimble co nz> writes:
On Wed, May 19, 2004 at 03:04:28PM -0500, Paul Schmehl wrote:I'm curious to know how many people, if any, are using Flex-Response and what kind of results they have seen? I've been using it for some P2P rules but haven't actually tested it from the client. Any information would be greatly appreciated.We use it and it works well. We've turned it on for specific rules - such as BLASTER and Sasser exploits. However you much appreciate it relies VERY much on your network configuration. All TCP RSETs are sent from eth0 (your primary Ethernet interface) with spoofed IP addresses.
Not true on my setup; it goes on the OS routing table AFAICT. My setup is eth0 without an IP address, hence no routes, so eth1 gets used for flexresp traffic. cheers, Jamie -- James Riden / j.riden () massey ac nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/ ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flex-Response, anyone using it? Dusty Hall (May 19)
- Re: Flex-Response, anyone using it? Paul Schmehl (May 19)
- Re: Flex-Response, anyone using it? Jason Haar (May 19)
- Re: Flex-Response, anyone using it? James Riden (May 19)
- Re: Flex-Response, anyone using it? Jason (May 19)
- Re: Flex-Response, anyone using it? James Riden (May 19)
- Re: Flex-Response, anyone using it? Jason (May 20)
- Re: Flex-Response, anyone using it? Jason (May 26)
- Re: Flex-Response, anyone using it? Jason Haar (May 19)
- Re: Flex-Response, anyone using it? Paul Schmehl (May 19)
- Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 09)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 10)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 10)
- <Possible follow-ups>
- FW: Flex-Response, anyone using it? IDont ThinkSo (May 20)