Snort mailing list archives
Re: Snort dropping packages. How to ?
From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Thu, 10 Oct 2002 20:23:36 -0700
you might want to take a look at 'resp' and or 'react'.React has the ability to implement flexible reactions for traffic that matches a given snort rule. I guess the main function your looking for is 'block' .
Check section 2.3.22 for Resp and section 2.3.24 for React in the "Snort Users Manual".
hope it helps - Albert armando () hadrion com br wrote:
Hi Guys, I'm with a doubt in snort, if someone can help me. ;) I have snort.conf using several rules. One of this files is virus.rules, where i only have virus signatures. =] And this rules is working properly when a virus arrive (it detect virus and log). But i like that the snort didn't log only, i like that snort log and drop (delete) the package whith mismatch with a virus signature (based on virus.rules). :)) How to do it ?? Some idea ?? Thkz a lot. Best Regards. [ ]'s
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort dropping packages. How to ? armando (Oct 10)
- <Possible follow-ups>
- Snort dropping packages. How to ? armando (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Jason (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)