GRE Rule

[vmpc vmpc <packetstack () gmail com>]

I want to create a rule that would block anyone trying to connect to my
PPTP server after being denied access once. I will be doing this using
snortsam. Since the packet that contains the  "Access denied" message is
sent back to the PPTP client using the GRE protocol, does that mean that I
can't create a rule that will alert on that packet? My understanding is
that GRE is not supported at this time. Would it be possible for me to
create a general rule that would look at the entire packet and just try to
be very specific when it comes to content matching in order to get a match?

Thanks!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!