Snort mailing list archives

Re: flexresp

From: Grant Parkinson <grantp () userid0 com>
Date: Fri, 29 Jan 1904 22:58:36 -0759

If the snort sensor is not serving as a GW it should be located on asegment or mirrored port through which it can view the connections youwould like to RST. Snort is not modifying the data 'in-flight', it issending an RST with spoofed source addr and sequence.


Have a look at README.FLEXRSP for additional info.

--
 grant p.

I built snort machine with mysql support.I didn't include flexresp. I just
wonder-can I use flexresp if machine is not a default gateway for the
network? If it is not the dg, then how it will reset some connections and
prevent them from getting inside the network?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Flexresp, (continued)
- Re: Flexresp Chris Green (Jan 16)
- RE: Flexresp Bill Shaffer (Jan 16)
- flexresp Claudiu Ionescu (Jan 24)
  - Re: flexresp Chris Green (Jan 24)
    - Re: flexresp Claudiu Ionescu (Jan 24)
    - Re: flexresp Claudiu Ionescu (Jan 24)
    - Re: flexresp Charles Polisher (Jan 24)
- flexresp Claudiu Ionescu (Jan 30)
- flexresp Fran Boudraux (Feb 19)
- flexresp Basil Saragoza (Feb 22)
  - Re: flexresp Grant Parkinson (Feb 22)
    - Workstation or Server in RH 7.2? CGI (Feb 26)
    - Re: Workstation or Server in RH 7.2? Alex Pinheiro Machado Rodrigues (Feb 26)
    - Re: Workstation or Server in RH 7.2? Demetri Mouratis (Feb 26)