[Snort-sigs] GRE Rule
packetstack at ...2420...
Sun Dec 4 16:56:35 EST 2011
I want to create a rule that would block anyone trying to connect to my
PPTP server after being denied access once. I will be doing this using
snortsam. Since the packet that contains the "Access denied" message is
sent back to the PPTP client using the GRE protocol, does that mean that I
can't create a rule that will alert on that packet? My understanding is
that GRE is not supported at this time. Would it be possible for me to
create a general rule that would look at the entire packet and just try to
be very specific when it comes to content matching in order to get a match?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs