Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Confirming flexresponse

From: "Cesar Diaz" <cdiaz () chemonics com>
Date: Tue, 1 May 2007 10:09:47 -0400
I compiled snort with flexresponse enabled and added "resp:rst_all" to a
few P2P rules.  I still see alerts on those rules in BASE, but I assume
that after it is detected, the RST packet is sent and the connection
dropped.
 
Is there a way to confirm that the response is taking place, and then if
it worked or not?
 
Thanks in advance for your help,
 
Cesar
 
 
 
Cesar Diaz
Network Security Engineer
Knowledge Management
Chemonics International
P 202.955.3300
www.chemonics.com <http://www.chemonics.com/> 
 

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: