Snort mailing list archives

Re: GRE Rule


From: PS <packetstack () gmail com>
Date: Sun, 4 Dec 2011 17:31:51 -0500

This was taken from the 2.9 manual

"3.2.2 Protocols

The next field in a rule is the protocol. There are four protocols that Snort currently analyzes for suspicious 
behavior – TCP, UDP, ICMP, and IP. In the future there may be more, such as ARP, IGRP, GRE, OSPF, RIP, IPX, etc."

But I do see online where it says that Snort does have a GRE decoder and that it has to be enabled when compiling.

I'm not sure what the difference is.


On Dec 4, 2011, at 5:09 PM, Dina Bruzek <dbruzek () sourcefire com> wrote:

I believe GRE is supported.

Dina

Sent from my iPhone

On Dec 4, 2011, at 4:56 PM, vmpc vmpc <packetstack () gmail com> wrote:

I want to create a rule that would block anyone trying to connect to my PPTP server after being denied access once. 
I will be doing this using snortsam. Since the packet that contains the "Access denied" message is sent back to the 
PPTP client using the GRE protocol, does that mean that I can't create a rule that will alert on that packet? My 
understanding is that GRE is not supported at this time. Would it be possible for me to create a general rule that 
would look at the entire packet and just try to be very specific when it comes to content matching in order to get a 
match?

Thanks!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
