Snort mailing list archives
Confirming flexresponse
From: "Cesar Diaz" <cdiaz () chemonics com>
Date: Tue, 1 May 2007 10:09:47 -0400
I compiled snort with flexresponse enabled and added "resp:rst_all" to a few P2P rules. I still see alerts on those rules in BASE, but I assume that after it is detected, the RST packet is sent and the connection dropped. Is there a way to confirm that the response is taking place, and then if it worked or not? Thanks in advance for your help, Cesar Cesar Diaz Network Security Engineer Knowledge Management Chemonics International P 202.955.3300 www.chemonics.com <http://www.chemonics.com/>
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confirming flexresponse Cesar Diaz (May 01)
- Re: Confirming flexresponse Joel Esler (May 01)
- Re: Confirming flexresponse Matt Kettler (May 01)