Snort mailing list archives
RE: flex response
From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 13 Dec 2001 00:44:00 -0600
-> -----Original Message----- -> From: Abe L. Getchell [mailto:abegetchell () home com] -> Sent: Thursday, December 13, 2001 12:04 AM -> To: Ronneil Camara -> Cc: snort-users () lists sourceforge net -> Subject: RE: [Snort-users] flex response -> -> -> Hey Neil, -> -> FlexResponse doesn't actually 'block' connections, it uses -> spoofed RST's -> (when TCP traffic trips a flexresp enabled rule) and ICMP -> error messages -> (when UDP traffic trips a flexresp enabled rule) to fool the -> offending -> machine into thinking that the box on the other end is -> tearing down the -> connection for some reason (TCP) or that the network/box/port doesn't -> exist or isn't open (UDP). Hi Abe, Will flexresp work on a stealth interface? Coz right now, I'm running snort on a stealth interface. Neil _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Flex Response agetchel (Oct 10)
- Re: Flex Response Dilli Rajesh Kumar (Oct 10)
- <Possible follow-ups>
- RE: Flex Response agetchel (Oct 10)
- Re: Flex Response Dilli Rajesh Kumar (Oct 10)
- flex response Ronneil Camara (Dec 12)
- Re: flex response Fyodor (Dec 12)
- RE: flex response Abe L. Getchell (Dec 12)
- RE: flex response Ronneil Camara (Dec 12)