Re: some basic questions

[Saad Kadhi <bsdguy () noos fr>]

On Wed, 2001-10-03 at 18:56, Rob Collins wrote:
[huge snip]
> Since the IDS and Firewall are seperate, the firewall
> may pass the matched packet on to the internal host. 
> Snort has now way of stopping this (??).  Does sending
> forged RST packets (or icmp X unreachable) from the
> IDS reset the connection, is this what Snort is doing?
dunno about Snort. But at least this is what RealSecure is doing. Si I
guess it's about the same w/ Snort. 
 
-- 
/saad
[put your signature here]
self-customize-sig(tm). another dumb patent...
nodisclaimer


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users