Snort mailing list archives

RE: third party utility to kill ...


From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 31 Jan 2002 13:23:52 -0600

Hi Matt,

Granted. So, what's your approach then?

-> -----Original Message-----
-> From: Matt Kettler [mailto:mkettler () evi-inc com]
-> Sent: Thursday, January 31, 2002 12:43 PM
-> To: Ronneil Camara; snort-users () lists sourceforge net
-> Subject: Re: [Snort-users] third party utility to kill ...
-> 
-> 
-> The snort FAQ describes why trying to invoke an external process from an
-> IDS is a generally bad idea (hint: this creates a security hole that allows
-> your IDS to be bypassed by causing it to waste so much time invoking
-> processes it starts missing packets).
-> 
-> Read the FAQ:
-> 
-> http://www.snort.org/docs/faq.html#5.9
-> 
-> And yes, the FAQ mentions a bit about the speed of this on Windows, but
-> it's not acceptably fast to do in *nix either.
-> 
-> At 04:18 PM 1/30/2002 -0600, Ronneil Camara wrote:
-> >I would like to kill a tcp connection other than making use of flexresp.
-> >I want to make use of tcpkill by Dugsong.
-> >
-> >Is there a way I can call this program once an alert, say web-iis cmd.exe,
-> >is sensed by snort, then snort is going to execute tcpkill -9 <target_ip>?
-> 
-> 
