Snort mailing list archives
Re: Snort dropping packages. How to ?
From: Jason <security () brvenik com>
Date: Thu, 10 Oct 2002 23:27:36 -0400
Be very careful using these options. Especially with virus content.In the case of mail, the sending server will continue to attempt to deliver the mail until the message expires. POP users could have the connection to the server closed and not be able to get any mail past that message.
In the case of an auto propogating virus you could end up creating a storm of traffic as the virus will keep sending and you will keep attempting to close.
The good with the bad. Like any tool, you have to know how to use it. Alberto Gonzalez wrote:
you might want to take a look at 'resp' and or 'react'.React has the ability to implement flexible reactions for traffic that matches a given snort rule. I guess the main function your looking for is 'block' .Check section 2.3.22 for Resp and section 2.3.24 for React in the "Snort Users Manual".hope it helps - Albert armando () hadrion com br wrote:Hi Guys, I'm with a doubt in snort, if someone can help me. ;) I have snort.conf using several rules. One of this files is virus.rules, where i only have virus signatures. =] And this rules is working properly when a virus arrive (it detect virus and log). But i like that the snort didn't log only, i like that snort log and drop (delete) the package whith mismatch with a virus signature (based on virus.rules). :)) How to do it ?? Some idea ?? Thkz a lot. Best Regards. [ ]'s
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort dropping packages. How to ? armando (Oct 10)
- <Possible follow-ups>
- Snort dropping packages. How to ? armando (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Jason (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)