Re: Can't seem to compile with --enable-flexresp on RedHat 9

[Rhugga <snort-list () sandiego420 com>]

Matt Kettler wrote:

> At 04:40 PM 7/16/2004, Rhugga wrote:
>
> > Okay thanks all. What exactly does flexible response allow me to do 
> > that I can't do with snort by default? (as I understand snort can 
> > execute scripts based on matches and with scripts can't you do 
> > everything????)
>
>
> No, snort can't execute scripts. It never has been able to, and never 
> will. Process invokation is a fundamentaly slow process, something 
> that would bog snort down for so long that it could miss thousands of 
> packets in the interim.
>
> Use logwatchers to execute scripts, not snort.
>
>
> Flexresp enables snort to send TCP reset packets and ICMP unreachable 
> messages to attempt to cause the client and/or server in a 
> communication session to close the sessions and not accept further data.
Ahhh... I thought I read that snort can log to syslog and optionally run 
scripts. Cool thanks for the info..

-Rhugga


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users