Re: Flex-Response, anyone using it?

[Paul Schmehl <pauls () utdallas edu>]

--On Wednesday, May 19, 2004 10:07:45 AM -0500 Dusty Hall 
<halljer () auburn edu> wrote:

> I'm curious to know how many people, if any, are using Flex-Response and
> what kind of results they have seen?  I've been using it for some P2P
> rules but haven't actually tested it from the client.  Any information
> would be greatly appreciated.
There's been a lot of discussion on this list about not depending upon 
flexresp to do much for you.

Having said that, I can tell you from personal experience that it will 
completely prevent communication between two smtp servers.

So I would say it works pretty well.  Whether or not it will actually 
prevent an attack, I can't say from personal experience, but I *can* tell 
you it will irritate the hell out of an admin trying to track down a failed 
connections problem.  :-)

And yes, we still use it.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users