[Snort-sigs] GRE Rule

Dina Bruzek dbruzek at ...435...
Sun Dec 4 17:09:41 EST 2011


I believe GRE is supported.

Dina

Sent from my iPhone

On Dec 4, 2011, at 4:56 PM, vmpc vmpc <packetstack at ...2420...> wrote:

> I want to create a rule that would block anyone trying to connect to my PPTP server after being denied access once. I will be doing this using snortsam. Since the packet that contains the  "Access denied" message is sent back to the PPTP client using the GRE protocol, does that mean that I can't create a rule that will alert on that packet? My understanding is that GRE is not supported at this time. Would it be possible for me to create a general rule that would look at the entire packet and just try to be very specific when it comes to content matching in order to get a match?
> 
> Thanks!
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity, and more. Splunk takes this 
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!




More information about the Snort-sigs mailing list