Snort mailing list archives

Re: Professional Opinions ---wanted


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 4 Sep 2002 14:51:41 -0700 (PDT)

On Wed, 4 Sep 2002, Tim wrote:

> Just wanted to get some opinions from people with experience with FLEXRESP.
> I have been toiling with the idea of jumping in and configuring snort with
> this option in order to manage some of the attacks.

IMHO, not-so-useful.  It works, but due to the way tcp/ip works, it's not that
much use on low-latency links.  If you have high latency, then it might work
for you.

> I did re-compile snort with the flexresp option this time, ( curiosity got
> the better of me ). I made sure to install libnet before I did so. Which
> went fine...no errors. But I'm not sure if after running ./configure
> --enable-flexresp if I was supposed to run make and make install again. Any
> comments or insights to the installation process?

./configure --enable-flexresp && make && make install

Each time you change the compile time options, you _have_ to recompile snort.

> What do you all think....is flexresp worth the effort? What are the pros and
> cons to this little utility? Your opinions are appreciated....TIA

*sigh*  I can see you're trying to stir up trouble!  ;-)  Flexresp is 'useful'
in ways, but not in others.  IMHO, a NIDS should _never_ block or reset
connections.  That's the job of the firewall.  Now, that's my _opinion_.  A
lot of folks use Flexresp with good results and are happy with it.  I don't
use it, but that doesn't mean it isn't useful.

Try using it.  Define a rule to reset any connections to a web site and then
try to browse it.  If it dies, then you should be good to go.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
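
The test described in the message above, written out as a rule file. This is an added example, not part of the original message; the address 192.0.2.10, the message text and the sid are constructed placeholders, and the `resp` keyword is only available in a Snort binary built with --enable-flexresp.

```snort
# local.rules: constructed example for a flexresp smoke test.
# 192.0.2.10 is a placeholder; substitute a web server you control.
#
# resp modifiers:
#   rst_snd   send TCP RST to the sending socket
#   rst_rcv   send TCP RST to the receiving socket
#   rst_all   send TCP RSTs in both directions
#   icmp_net, icmp_host, icmp_port, icmp_all
#             send ICMP unreachable messages to the sender

# Alert on, and reset both ends of, any TCP connection to the test web server.
alert tcp any any -> 192.0.2.10 80 (msg:"LOCAL flexresp test: reset HTTP to test server"; resp:rst_all; sid:1000001; rev:1;)
```

Browse to the test server while Snort is running with this rule: the alert should be logged and the connection should die. On a low-latency link the page may finish loading before the resets arrive, which is the limitation noted in the reply above.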


