Snort mailing list archives
Re: some basic questions
From: Saad Kadhi <bsdguy () noos fr>
Date: 04 Oct 2001 08:51:29 +0200
On Wed, 2001-10-03 at 18:56, Rob Collins wrote: [huge snip]
Since the IDS and Firewall are seperate, the firewall may pass the matched packet on to the internal host. Snort has now way of stopping this (??). Does sending forged RST packets (or icmp X unreachable) from the IDS reset the connection, is this what Snort is doing?
dunno about Snort. But at least this is what RealSecure is doing. Si I guess it's about the same w/ Snort. -- /saad [put your signature here] self-customize-sig(tm). another dumb patent... nodisclaimer _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- some basic questions Rob Collins (Oct 03)
- Re: some basic questions Saad Kadhi (Oct 03)