Snort mailing list archives

using flex response to block auto updates of clientsoftware


From: "Murphy" <murphy () infomaniak ch>
Date: Wed, 9 Jan 2002 20:41:13 +0100

I think that what Glenn was trying to say was to block on src/dst host, not
specifically on port.
For example, blocking whatever windowsupdate.microsoft.com resolves to.
There is very little chance that any "legitimate" outgoing traffic would
connect to *that* host.

Murphy.



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Madhav
Diwan
Sent: Wednesday, January 09, 2002 18:01
To: Glenn Forbes Fleming Larratt
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] using flex response to block auto updates of
clientsoftware


I need to use snort to look at the packet content and block on that. I
can't simply block a port because the ports are in use for regular client
tasks (usually) and the updates may or may not go through them... there's
no way to tell yet.

I would love to block the updates just using port blocking on my
firewalls there... but I can't block ports without making the software
useless. This is where both snort's IDS and sniffing functions come to
play together.

Madhav.


Glenn Forbes Fleming Larratt wrote:

Um...why use flex response as opposed to simply blocking the traffic
from the external host or hosts, using whatever firewall or other
access control you have at your site? What you want to do seems more
a firewall than an IDS task.

        -g

On Wed, 9 Jan 2002, Madhav Diwan wrote:

I would like to put an IDS in place on a proxy server that handles
mainly tcp connections from several clients to an external service
provider running a tcp server over nonstandard ports.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
