Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: flex response

From: Fyodor <fygrave () tigerteam net>
Date: Thu, 13 Dec 2001 05:35:50 +0700
On Wed, Dec 12, 2001 at 04:04:40PM -0600, Ronneil Camara wrote:

Hi guys, me again.

I need to know how flex response can block attacks? I don't know if it's
a good idea to enable it. But how does it block attacks? What about
preventing snort's flex response to not block a specific network, it it
possible like by using white list? Does this flex response work in
conjuction with a firewall to block the attack? If so, what firewalls
are supported?


It will not 'block' attack, it will try to reset the connection, but
chances are that something could slip through (especially on the
high-speed network). Resetting is done by spoofing tcp rst (for tcp) or
icmp unreach packets (udp), if this answers your question :-)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: