[Snort-devel] ANNOUNCE: flexresp2 (new and improved active response for Snort)
jeff at ...835...
Wed Sep 3 11:12:09 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday, September 3, 2003, at 07:37 AM, Chris Green wrote:
> You need the ability to send to the sender in case it's something like
> the attack-responses type rules and the SIP is the machine local.
> Chris Green <cmg at ...402...>
> "I'm beginning to think that my router may be confused."
I hadn't thought about attack-response rules. What I was hoping for
was to prevent users from trying to rely on active response to shutdown
the attacker's side of the connection.
Do you think this is critically important?
http://cerberus.sourcefire.com/~jeff (gpg key available)
"Great spirits have always encountered violent opposition from
mediocre minds." - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
-----END PGP SIGNATURE-----
More information about the Snort-devel