Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is anyone using 'react' to block the use of Gnutella?

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 23 Sep 2002 18:13:45 -0400
Even if it was a "dirty" catch all, resetting the connection at any point in the connection will kill it.. really, all of the "react" keyword actions try to terminate the connection. (either using spoofed ICMP or spoofed tcp RST) 

At 04:02 PM 9/23/2002 -0600, hackerwacker wrote:

I had not realized he was talking about RST's for initial gets, as opposed
to a more dirty catch all rule for Gnutella.
----- Original Message -----
From: "Matt Kettler" <mkettler () evi-inc com>
To: <snort-users () lists sourceforge net>
Sent: Monday, September 23, 2002 3:32 PM
Subject: Re: [Snort-users] Is anyone using 'react' to block the use of
Gnutella?


> Hmm, a packet storm? Is Gnutella somehow particularly ill-behaved and not
> using the OS's IP stack (raw socket level interface, as a P2P app? evil..)
>
> TCP is pretty well behaved about this kind of thing. I'd like to see how
> this properly amplifies or sustains in order to act as a storm.
>
>
> At 02:22 PM 9/23/2002 -0600, hackerwacker wrote:
> >NOT advised. Unless you want a packet storm.
>
>
>




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: