Snort mailing list archives
Re: Is anyone using 'react' to block the use of Gnutella?
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 23 Sep 2002 16:27:06 -0400
Sure, you'd need a flexresp enabled build of snort, but doing a react reset_all should work most of the time.
The traffic isn't likely to be hand optimized for flexresp evasion, so it should have a pretty low "failure to kill connection" rate. This isn't exactly a security-critical situation, so a very small (less than 1 in 1000) failure rate is acceptable. Certainly killing 999 out of 1000 connect attempts is going to be enough to make gnutella almost unusable.
Sounds like a great job for flexresp.. it's the kind of task it seems best cut out for.
At 02:38 PM 9/23/2002 -0500, Vieth, Scott wrote:
Since Snort can 'see' the folks who are running Gnutella, could I use 'react' to block/disrupt/close those connections?
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Is anyone using 'react' to block the use of Gnutella? Matt Kettler (Sep 23)