Snort mailing list archives
Re: Swen.A results with Snort-inline (protocol anomaly detection)
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 26 Sep 2003 12:58:37 +1200
On Thu, Sep 25, 2003 at 09:45:57PM +0100, pieter claassen wrote:
However, this raised another question. All the snort plugins are focused on detection. In this specific case, it would have been great to have a snort plugin that could partake in the SMTP conversation and bring the line down a little bit more gracefully (eg. remember the message id of
There's already some precedence for that - Snort already has code for doing "HTTP Resets" for want of a better word - the "react" function. However, although I too make good use of some of Snort's antivirus functionality (the SMB rules), the real way of dealing with viruses and trojans is with an antivirus package - not an IDS. Network scanner-based technology will NEVER be able to replace AV systems... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Swen.A results with Snort-inline (protocol anomaly detection) pieter claassen (Sep 25)
- Re: Swen.A results with Snort-inline (protocol anomaly detection) Jason Haar (Sep 25)
- Re: Swen.A results with Snort-inline (protocol anomaly detection) pieter claassen (Sep 26)
- Re: Swen.A results with Snort-inline (protocol anomaly detection) Jason Haar (Sep 26)
- Re: Swen.A results with Snort-inline (protocol anomaly detection) pieter claassen (Sep 26)
- Re: Swen.A results with Snort-inline (protocol anomaly detection) Jason Haar (Sep 25)