Snort mailing list archives
Re: snort 2.9.0.3 flexresp3 and active-response
From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 2 Feb 2011 20:46:46 -0500
On Wed, Feb 2, 2011 at 8:31 PM, Michael Scheidell < michael.scheidell () secnap com> wrote:
> On 2/2/11 12:52 PM, Russ Combs wrote:
>
>>> is there any reason to enable one without the other? it appears to me that you would want both or none.
>>
>> That makes sense to me. And neither will generate responses without additional configuration so no harm done.
>
> I suppose one option would be to enable flexresp3 so that resp: rules and sensitive data rules don't error out, but only enable active response if user wants it. the challenge to ports/rpm maintainers is to select the most USEFUL and common options. sure, savvy users can edit the Makefile and add in their own config options. but most don't.

I was referring to the snort.conf stuff that must be set to use active responses. One is a rule option, as you mentioned above, and the other is based on rule action and requires stream5 settings, etc. Neither will be enabled just because they are built in.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users