[Snort-devel] ANNOUNCE: flexresp2 (new and improved active response for Snort)

Jeff Nathan jeff at ...835...
Wed Sep 3 11:12:09 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Wednesday, September 3, 2003, at 07:37 AM, Chris Green wrote:

> You need the ability to send to the sender in case it's something like
> the attack-responses type rules and the SIP is the machine local.
> -- 
> Chris Green <cmg at ...402...>
> "I'm beginning to think that my router may be confused."

Chris,

I hadn't thought about attack-response rules.  What I was hoping for 
was to prevent users from trying to rely on active response to shutdown 
the attacker's side of the connection.

Do you think this is critically important?

- -Jeff

- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
"Great spirits have always encountered violent opposition from
mediocre minds."   - Albert Einstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/Vi7TEqr8+Gkj0/0RApPaAJ0bSjEnWs3RatTIwy5UXgch1ITxogCgvKRd
Vx4tgRrU9GBQChbfHKszpv4=
=nQVy
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list