Snort mailing list archives
Re: Documentation suggestions regarding the unreliability flexresp.
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 25 Jul 2003 15:50:40 -0400
At 01:13 PM 7/25/2003 -0600, Rich Adamson wrote:
> It seems to be a common misunderstanding that flexresp actually works well > and is usable as a reliable alternative to a firewall. > Seems there are some that jump to the conclusion that flexresp's "only" use is as a firewall.
I made no such statement or assumption that firewalling is the "only" use. I merely stated it is a common misconception that it can be used as one.. A misconception supported by the current state of the documentation.
Were I to believe that flexresp only had use as a firewall, I'd be petitioning for the complete removal of flexresp from snort, not a correction of the documentation. After all, if the only use of a feature doesn't work, having the feature at all is misleading and foolish. But that's not the case. Flexresp has it's uses, but has its limits as well.
It works very well for a number of other functions, and closely emulates functionality available in some commercial applications that are not sold as an IDS. But, the warning should still be included in the documentation. :)
Aye.. I never meant to imply it's useless, it's just got limits that the documentation fails to make the user aware of. If you read README.FLEXRESP you might well think "oh, this is how I can block packets", when that's not how it works.
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Documentation suggestions regarding the unreliability flexresp. Matt Kettler (Jul 25)
- Re: Documentation suggestions regarding the unreliability flexresp. Rich Adamson (Jul 25)
- Re: Documentation suggestions regarding the unreliability flexresp. Matt Kettler (Jul 25)
- Re: Documentation suggestions regarding the unreliability flexresp. Jon Baer (Jul 27)
- RE: Documentation suggestions regarding the unreliability FlexRESP. Michael Steele (Jul 27)
- Re: Documentation suggestions regarding the unreliability flexresp. Jeff Nathan (Jul 28)
- <Possible follow-ups>
- RE: Documentation suggestions regarding the unreliability flexresp. Schmehl, Paul L (Jul 25)
- RE: Documentation suggestions regarding the unreliability flexresp. Rich Adamson (Jul 27)
- Re: Documentation suggestions regarding the unreliability flexresp. Rich Adamson (Jul 25)