Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can't seem to compile with --enable-flexresp on RedHat 9

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 16 Jul 2004 16:54:33 -0400
At 04:40 PM 7/16/2004, Rhugga wrote:
Okay thanks all. What exactly does flexible response allow me to do that I can't do with snort by default? (as I understand snort can execute scripts based on matches and with scripts can't you do everything????)
No, snort can't execute scripts. It never has been able to, and never will. Process invokation is a fundamentaly slow process, something that would bog snort down for so long that it could miss thousands of packets in the interim. 

Use logwatchers to execute scripts, not snort.
Flexresp enables snort to send TCP reset packets and ICMP unreachable messages to attempt to cause the client and/or server in a communication session to close the sessions and not accept further data. 




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: