Snort mailing list archives

Re: Using resp against a virus


From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 09 Jul 2002 22:39:44 -0400

Michael Boman wrote:

On Wednesday 10 July 2002 05:39, Jeremy wrote:

   I was just curious if resp could be used to reset the connection when an
email virus matches a rule. For example we get tons of Klez matches on our
external snort box and I was wondering if we could use resp to reset the
connection before it hits the smtp server.

If you reset the SMTP transmission the SMTP server on the other end will try
again and again and again... You get the idea...

<rant>
Viruses should be stopped by an ANTI VIRUS software, NOT with an IDS software.

Oh, I don't know, there's a certain satisfaction in tying up the sender
SMTP and adding to their outbound queue...

Jeff

