[Snort-users] Dropping Connections

Joe Barr warthawg at ...1645...
Fri Mar 23 12:37:19 EST 2001


I was a little surprised not to find rules which reset
connections in the database, or perhaps even block the
attacking IP address ala portsentry.

Is resetting or dropping a connection not considered to
be the best line of action during an attack? 



-- 

#--------------------------------------------------#
| Joe Barr                   warthawg at ...1645... |
| Longears and Linux........... nowhere but Texas! |
#--------------------------------------------------#




More information about the Snort-users mailing list