Snort mailing list archives
Re: Block
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 16 Feb 2004 13:48:14 -0500
At 11:16 AM 2/16/2004, Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco@jalisc wrote:
Hi I would like to know if with snort or some plug I can block attacks or virus
For viruses, I'd really recommend NOT using snort to control these... install a copy of clamav or some other virus scanner on your SMTP gateway and make all mail go through it.
For attacks, there are 3 different tools that expand snort to have blocking capability, with different limitations and degrees of capability:
1) flexresp - not 100% reliable, but comes with snort, all you need is --with-flexresp for your config. Relies on attempting to desynchronize or reset TCP connections, or using ICMP error messages to make one or both systems give up on the conversation.
2) snort-inline - Linux kernel specific at the moment, but does true kernel-level firewall interaction as packets arrive.
3) snortsam - supports a wide variety of firewalls, but acts slightly after the fact. This means the packet that contained the trigger gets passed, but subsequent packets will get blocked, limiting the impact of the exposure.
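The difference between blocking as packets arrive (item 2) and blocking after the fact (item 3), as an added example that is not part of the original post and is not code from snort-inline or snortsam. It goes slightly beyond the message by modelling the delay before a firewall block takes effect; the `latency` parameter, all names and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass

SIGNATURE = b"CONSTRUCTED-TRIGGER"  # constructed stand-in for a rule match

@dataclass(frozen=True)
class Packet:
    seq: int        # arrival order at the firewall
    src: str
    payload: bytes

def inline_block(packets):
    """Inline model: the verdict is reached before the packet is forwarded."""
    blocked, delivered = set(), []
    for p in packets:
        if SIGNATURE in p.payload:
            blocked.add(p.src)          # the trigger itself never gets through
        if p.src not in blocked:
            delivered.append(p)
    return delivered

def after_the_fact_block(packets, latency=0):
    """Out-of-band model: the sensor sees a copy of the traffic, so the trigger
    is forwarded and the block becomes active `latency` packets later."""
    block_at, delivered = {}, []
    for p in packets:
        if p.seq >= block_at.get(p.src, float("inf")):
            continue                    # firewall rule is in place by now
        delivered.append(p)
        if SIGNATURE in p.payload:
            block_at.setdefault(p.src, p.seq + 1 + latency)
    return delivered

def exposure(delivered, src):
    """Sequence numbers of delivered packets from src, from the trigger onward."""
    hits = [p.seq for p in delivered if p.src == src and SIGNATURE in p.payload]
    return [p.seq for p in delivered if hits and p.src == src and p.seq >= hits[0]]

# Constructed sample stream (RFC 5737 documentation addresses).
STREAM = [
    Packet(0, "192.0.2.10", b"hello"),
    Packet(1, "198.51.100.7", b"GET / HTTP/1.0"),
    Packet(2, "192.0.2.10", b"xx CONSTRUCTED-TRIGGER xx"),
    Packet(3, "192.0.2.10", b"follow-up 1"),
    Packet(4, "198.51.100.7", b"benign"),
    Packet(5, "192.0.2.10", b"follow-up 2"),
]

if __name__ == "__main__":
    print("inline exposure:        ", exposure(inline_block(STREAM), "192.0.2.10"))
    print("after-the-fact exposure:", exposure(after_the_fact_block(STREAM, 2), "192.0.2.10"))
```

In both models traffic from the unrelated host is untouched; only the after-the-fact model lets the trigger packet, and anything sent before the block lands, reach the destination.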