Snort mailing list archives

Re: FW: Flex-Response, anyone using it?

From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 20 May 2004 15:21:25 -0500

--On Wednesday, May 19, 2004 04:37:17 PM -0400 IDont ThinkSo<billygates_sux () hotmail com> wrote:


   Flexresp works well, as all it needs to do is send out a reset packet
(or icmp unreachable or such) if a certain condition is met.  And yes, if
you write a rule to send a reset packet when syn packet on port 25
arrives it will send one out and block the connection.

Of course I never wrote such a rule, nor did I ever say that I wrote such arule, but you're entitled to speculate, I suppose.


 HOWEVER, you

should not use flexresp with normal snort smtp rules, as mail servers do
not like connections being reset while it is receiving a msg.


Well, that's sort of a "Doh!", isn't it!

 As paul
only uses this only to torment admins with less knowledge than him (I
don't know how that is possible) he cannot testify to its use in a real
environment.  If they were smarter they might just track his ass down and
beat him senselessly.

I never wrote any rules to "torment admins" nor did I ever say that I wroteany rules to torment admins. Again, I suppose you're entitled to speculateto your heart's content, but try not to attribute to me things that I'venever said.

I'll let the readers decide who has more credibility - someone who postsunder their own name or someone who posts pseudo-anonymously.


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g

Get certified on the hottest thing ever to hit the market... Oracle 10g.Take an Oracle 10g class now, and we'll give you the exam FREE.

http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Flex-Response, anyone using it?, (continued)
- - - Re: Flex-Response, anyone using it? Jason (May 19)
    - Re: Flex-Response, anyone using it? James Riden (May 19)
    - Re: Flex-Response, anyone using it? Jason (May 20)
    - Re: Flex-Response, anyone using it? Jason (May 26)
    - Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 07)
    - Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 07)
    - Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 09)
    - Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 10)
    - Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 10)
- FW: Flex-Response, anyone using it? IDont ThinkSo (May 20)
  - Re: FW: Flex-Response, anyone using it? Paul Schmehl (May 20)
- RE: Flex-Response, anyone using it? CGhercoias (May 20)
  - Re: Flex-Response, anyone using it? James Riden (May 20)