Snort mailing list archives

Re: using flex response to block auto updates of clientsoftware


From: Saad Kadhi <bsdguy () docisland org>
Date: 09 Jan 2002 20:49:13 +0100

On Wed, 2002-01-09 at 18:00, Madhav Diwan wrote:
I need to use snort to look at the packet content and block on that. I
can't simply block a port because the ports are in use for regular client
tasks (usually) and the updates may or may not go through them... there's
no way to tell yet.

I would love to block the updates just using port blocking on my
firewalls there... but I can't block ports without making the software
useless. This is where both snort's IDS and sniffing functions come to
play together.

Well, using flexresp for this type of task may lead to a truckload of
problems & bundled headaches. To my knowledge, flexresp is not _that_
stable. If I were you & if the update software uses http or the likes,
you can transparently redirect it to a dansguardian box & block it
there. This is a task for the firewall or for a content filtering
software.

my 0.02 euros.
 

Madhav.


Glenn Forbes Fleming Larratt wrote:

Um...why use flex response as opposed to simply blocking the traffic
from the external host or hosts, using whatever firewall or other
access control you have at your site? What you want to do seems more
a firewall than an IDS task.

        -g

On Wed, 9 Jan 2002, Madhav Diwan wrote:

I would like to put an IDS in place on a proxy server that handles
mainly tcp connections from several clients to an external service
provider running a tcp server over nonstandard ports.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
/Saad --  [bsdguy () docisland org] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well

