Snort mailing list archives

Newbie questions, Snort on NT, stealth mode vs react/flexresp


From: "Dave Thornburgh" <dave_thornburgh () hotmail com>
Date: Wed, 9 Oct 2002 11:32:53 -0700

Hello all.

I'm in the investigation/learning phase.  Soon I'll be implementing a
firewalled internet connection for my company, email server in the DMZ,
Snort sensors at a couple of key spots - the whole kit & caboodle.  I think
I'm getting a pretty good grasp of Snort basics, or at least as much as I
can without actually building the boxes & putting them through their paces.
I'm planning on running Snort on NT, until I get the firewall stuff under
control and dive back into *nix.

I am a little confused about the "react" option and the flexresp module,
especially as it relates to running Snort on a stealthed interface.  If
there is no stack running for the interface, can flexresp still transmit the
reset packets?  Although I'm far from being an expert, that just didn't seem
possible to me.  Or, if I want to use stealth, do I need to give up on using
react?

Also, I tried searching the mailing list archives for similar questions, and
saw a couple of responses along the lines of "read the flexresp README and
all will be clear".  My problem is, I searched www.snort.org a couple of
times, and cannot find a README for flexresp.  Does anybody know if this
would be found elsewhere on the net?

Thanks,

Dave

