Snort mailing list archives
Re: FW: Flex-Response, anyone using it?
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 20 May 2004 15:21:25 -0500
--On Wednesday, May 19, 2004 04:37:17 PM -0400 IDont ThinkSo <billygates_sux () hotmail com> wrote:
Flexresp works well, as all it needs to do is send out a reset packet (or icmp unreachable or such) if a certain condition is met. And yes, if you write a rule to send a reset packet when syn packet on port 25 arrives it will send one out and block the connection.
Of course I never wrote such a rule, nor did I ever say that I wrote such a rule, but you're entitled to speculate, I suppose.
HOWEVER, you
should not use flexresp with normal snort smtp rules, as mail servers do not like connections being reset while it is receiving a msg.
Well, that's sort of a "Doh!", isn't it!
I never wrote any rules to "torment admins" nor did I ever say that I wrote any rules to torment admins. Again, I suppose you're entitled to speculate to your heart's content, but try not to attribute to me things that I've never said.As paul only uses this only to torment admins with less knowledge than him (I don't know how that is possible) he cannot testify to its use in a real environment. If they were smarter they might just track his ass down and beat him senselessly.
I'll let the readers decide who has more credibility - someone who posts under their own name or someone who posts pseudo-anonymously.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Flex-Response, anyone using it?, (continued)
- Re: Flex-Response, anyone using it? Jason (May 19)
- Re: Flex-Response, anyone using it? James Riden (May 19)
- Re: Flex-Response, anyone using it? Jason (May 20)
- Re: Flex-Response, anyone using it? Jason (May 26)
- Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 09)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 10)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 10)
- Re: FW: Flex-Response, anyone using it? Paul Schmehl (May 20)
- Re: Flex-Response, anyone using it? James Riden (May 20)