Snort mailing list archives

Re: Flex-Response, anyone using it?


From: Jason <security () brvenik com>
Date: Thu, 20 May 2004 14:49:59 -0400



James Riden wrote:

Jason <security () brvenik com> writes:


It will be a few weeks before I can get around to testing it for this
case so if anyone wants to give it a try and confirm functionality
"that would be great".

[...]

This is because your management interface is on a network that can route
the forged packets to the destination. The case I was referring to is
using this method to inject traffic onto the wire in the same location
as the sensing interface or into a location where the forged packets can
be handled properly, thus ensuring there is a routable destination.
I think it might also give a better chance of resetting the connection
before the offending packet reaches the destination.

Like in this network

internet
   |
 Router
   |
   |<-- inject
   |      |
Firewall  |
   |      |
   | <-- DMZ Sensor
   |      |    |
Firewall  |    |
   |      |    | <--- dedicated mgmt
   |<-- inject |
   |           |
Internal   Firewall
   |           |
   |___________|
     Computers



It just seemed to work OK out of the box, with minimal fiddling. No
traffic is appearing on the wrong interfaces, etc.


Don't forget... When you report your test results back to the list do
not forget that the TPS report has a new format, didn't you read the
memo.


Er, sorry?

Every time I hear or say "that would be great" I am obligated to make a
reference to the TPS report from the movie Office Space.






