Snort mailing list archives

Snort's Blocking Capability?


From: "Thop (Thomas Hesketh-Roberts)" <tmhesket () scm brad ac uk>
Date: Fri, 28 Mar 2003 18:11:00 -0000

G'Day People,

There are some simple issues I cannot seem to get my head round
with snort, which basically boil down to ignorance on my part.

I can express this "ignorance" as a number of questions:

 * As I understand, snort monitors packets as they reach the interface,
    but can it actually *delete* an individual packet so that applications
    do not receive it?

 * In further words, is snort capable of effectively "blocking" activity
    from a particular IP address?

And also:

 * When snort's flexresp plugin is used to send connection reset
    packages to source/destination IP, am I right in saying this doesn't
    actually stop the packet from reaching the receiving IP on our
    network (so it is not "blocked")?

 * Could a setup on the hacker's machine not simply ignore
    connection reset packets anyway?

If I understand correctly, snort doesn't work low-level enough to
actually "block" packets from doing what they would do?  If so, are
there any plugins or external applications that can work co-operatively
with snort and stop packets from reaching applications on the host?

Many thanks to anyone who can answer any of these questions,
any reply is much appreciated, :)

Yours,

Thop
<><


