Snort mailing list archives
RE: third party utility to kill ...
From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 31 Jan 2002 13:23:52 -0600
Hi Matt, Granted. So, what's your approach then? -> -----Original Message----- -> From: Matt Kettler [mailto:mkettler () evi-inc com] -> Sent: Thursday, January 31, 2002 12:43 PM -> To: Ronneil Camara; snort-users () lists sourceforge net -> Subject: Re: [Snort-users] third party utility to kill ... -> -> -> The snort FAQ describes why trying to invoke an external -> process from an -> IDS is a generally bad idea (hint: this creates a security -> hole that allows -> your IDS to be bypassed by causing it to waste so much time invoking -> processes it starts missing packets.). -> -> Read the faq: -> -> http://www.snort.org/docs/faq.html#5.9 -> -> And yes, the FAQ mentions a bit about the speed of this on -> windows, but -> it's not acceptably fast to do in *nix either. -> -> At 04:18 PM 1/30/2002 -0600, Ronneil Camara wrote: -> >I would like to kill a tcp connection other than making use -> of flexresp. -> >I want to make use of tcpkill by Dugsong. -> > -> >Is there a way I can call this program once an alert, say -> web-iis cmd.exe, -> >is sensed by snort, then snort is going to execute tcpkill -> -9 <target_ip>? -> -> _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- third party utility to kill ... Ronneil Camara (Jan 30)
- <Possible follow-ups>
- Re: third party utility to kill ... Matt Kettler (Jan 31)
- RE: third party utility to kill ... Ronneil Camara (Jan 31)
- RE: third party utility to kill ... Matt Kettler (Jan 31)
- RE: third party utility to kill ... Ronneil Camara (Jan 31)