[Snort-sigs] GRE Rule

vmpc vmpc packetstack at ...2420...
Sun Dec 4 16:56:35 EST 2011


I want to create a rule that would block anyone trying to connect to my
PPTP server after being denied access once. I will be doing this using
snortsam. Since the packet that contains the "Access denied" message is
sent back to the PPTP client using the GRE protocol, does that mean that I
can't create a rule that will alert on that packet? My understanding is
that GRE is not supported at this time. Would it be possible for me to
create a general rule that would look at the entire packet and just try to
be very specific when it comes to content matching in order to get a match?

Thanks!