Snort mailing list archives

RE: flex response

From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 13 Dec 2001 00:44:00 -0600

-> -----Original Message-----
-> From: Abe L. Getchell [mailto:abegetchell () home com]
-> Sent: Thursday, December 13, 2001 12:04 AM
-> To: Ronneil Camara
-> Cc: snort-users () lists sourceforge net
-> Subject: RE: [Snort-users] flex response
-> 
-> 
-> Hey Neil,
-> 
-> FlexResponse doesn't actually 'block' connections, it uses 
-> spoofed RST's
-> (when TCP traffic trips a flexresp enabled rule) and ICMP 
-> error messages
-> (when UDP traffic trips a flexresp enabled rule) to fool the 
-> offending
-> machine into thinking that the box on the other end is 
-> tearing down the
-> connection for some reason (TCP) or that the network/box/port doesn't
-> exist or isn't open (UDP).

Hi Abe,

Will flexresp work on a stealth interface? Coz right now, I'm running
snort on a stealth interface.

Neil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Flex Response agetchel (Oct 10)
- Re: Flex Response Dilli Rajesh Kumar (Oct 10)
- <Possible follow-ups>
- RE: Flex Response agetchel (Oct 10)
  - Re: Flex Response Dilli Rajesh Kumar (Oct 10)
- flex response Ronneil Camara (Dec 12)
  - Re: flex response Fyodor (Dec 12)
  - RE: flex response Abe L. Getchell (Dec 12)
- RE: flex response Ronneil Camara (Dec 12)