Snort mailing list archives
Re: third party utility to kill ...
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 31 Jan 2002 13:42:36 -0500
The Snort FAQ describes why trying to invoke an external process from an IDS is a generally bad idea (hint: this creates a security hole that allows your IDS to be bypassed by causing it to waste so much time invoking processes it starts missing packets).
Read the FAQ: http://www.snort.org/docs/faq.html#5.9
And yes, the FAQ mentions a bit about the speed of this on Windows, but it's not acceptably fast to do in *nix either.
At 04:18 PM 1/30/2002 -0600, Ronneil Camara wrote:
I would like to kill a tcp connection other than making use of flexresp. I want to make use of tcpkill by Dugsong. Is there a way I can call this program once an alert, say web-iis cmd.exe, is sensed by snort, then snort is going to execute tcpkill -9 <target_ip>?
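The bypass described in the reply above, shown as a small queue model. This is an added example, not code from the thread or from Snort. It assumes a single-threaded sensor with a finite capture buffer, and every timing and size in it is a constructed value, not a measurement.

```python
from collections import deque

# All values below are constructed for illustration, not Snort measurements.
GAP_US = 50       # one packet arrives every 50 us (20,000 packets/s)
INSPECT_US = 20   # assumed detection cost per packet
BUF_PKTS = 256    # assumed capture buffer size, in packets


def simulate(alert_flags, alert_cost_us):
    """Model a single-threaded sensor reading from a finite capture buffer.

    alert_flags: one bool per packet, True if the packet fires a rule.
    alert_cost_us: time the sensor is blocked for each alert it raises.
    Returns (inspected, dropped).
    """
    pending = deque()  # completion times of packets accepted but not finished
    busy_until = 0
    inspected = dropped = 0
    for i, fires in enumerate(alert_flags):
        now = i * GAP_US
        while pending and pending[0] <= now:   # retire finished packets
            pending.popleft()
        if len(pending) >= BUF_PKTS:
            dropped += 1                       # buffer full: never inspected
            continue
        start = max(now, busy_until)
        busy_until = start + INSPECT_US + (alert_cost_us if fires else 0)
        pending.append(busy_until)
        inspected += 1
    return inspected, dropped


def compare(n=20000, alert_every=10):
    """Same traffic, two ways of reacting to an alert."""
    flags = [i % alert_every == 0 for i in range(n)]
    return {
        # assumed cost of spawning an external helper and waiting for it
        "spawn_per_alert": simulate(flags, alert_cost_us=2000),
        # assumed cost of only writing an alert record in-process
        "in_process_log": simulate(flags, alert_cost_us=5),
    }


if __name__ == "__main__":
    for mode, (ok, lost) in compare().items():
        print(f"{mode:16} inspected={ok:6} dropped={lost:6}")
```

With these constructed numbers the sensor that blocks on every alert falls behind the arrival rate and drops packets uninspected, while the one that only records the alert keeps up.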